diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-04-21 06:01:08 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-21 06:01:08 +0000 |
commit | 2994ad0fdd32733224851b3ab65b30ba73eae2d8 (patch) | |
tree | b9458703022d5acb69f07a6163377e5d4e33a974 /nixos | |
parent | 7fea76bc9d954dc6d2f5c938607b3e3098f1d44f (diff) | |
parent | d72657a34de9ba0645e9a02a83dfe0685ba5e846 (diff) |
Merge master into staging-next
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/netbird.nix | 5 | ||||
-rw-r--r-- | nixos/modules/services/security/authelia.nix | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/netbird.nix b/nixos/modules/services/networking/netbird.nix index 5bd9e9ca61696..647c0ce3e6d1f 100644 --- a/nixos/modules/services/networking/netbird.nix +++ b/nixos/modules/services/networking/netbird.nix @@ -41,9 +41,10 @@ in { documentation = [ "https://netbird.io/docs/" ]; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; + path = with pkgs; [ + openresolv + ]; serviceConfig = { - AmbientCapabilities = [ "CAP_NET_ADMIN" ]; - DynamicUser = true; Environment = [ "NB_CONFIG=/var/lib/netbird/config.json" "NB_LOG_FILE=console" diff --git a/nixos/modules/services/security/authelia.nix b/nixos/modules/services/security/authelia.nix index 143c441c7e153..28c5fd0a1df59 100644 --- a/nixos/modules/services/security/authelia.nix +++ b/nixos/modules/services/security/authelia.nix @@ -336,7 +336,7 @@ in ProtectProc = "noaccess"; ProtectSystem = "strict"; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; |