diff options
author | Artturin <Artturin@artturin.com> | 2023-04-18 20:14:03 +0300 |
---|---|---|
committer | Artturin <Artturin@artturin.com> | 2023-04-18 20:20:56 +0300 |
commit | eac28f38d6b78743accda7831613700cfd236a5c (patch) | |
tree | 1bc136bb032f404348d4da9d4d352bebe3aa8d69 /nixos | |
parent | 9984ca0504106c13f18fcef2c7d06bd8772306b4 (diff) |
treewide: fix lints
Arg to lib.optional is a list build time tool in buildInputs *Flags not a list https://github.com/nix-community/nixpkgs-lint
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/wstunnel.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/wstunnel.nix b/nixos/modules/services/networking/wstunnel.nix index 440b617f60a39..067d5df487255 100644 --- a/nixos/modules/services/networking/wstunnel.nix +++ b/nixos/modules/services/networking/wstunnel.nix @@ -294,7 +294,7 @@ let DynamicUser = true; SupplementaryGroups = optional (serverCfg.useACMEHost != null) certConfig.group; PrivateTmp = true; - AmbientCapabilities = optional (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; + AmbientCapabilities = optionals (serverCfg.listen.port < 1024) [ "CAP_NET_BIND_SERVICE" ]; NoNewPrivileges = true; RestrictNamespaces = "uts ipc pid user cgroup"; ProtectSystem = "strict"; @@ -340,7 +340,7 @@ let EnvironmentFile = optional (clientCfg.environmentFile != null) clientCfg.environmentFile; DynamicUser = true; PrivateTmp = true; - AmbientCapabilities = (optional (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optional ((clientCfg.dynamicToRemote.port or 1024) < 1024 || (any (x: x.local.port < 1024) clientCfg.localToRemote)) [ "CAP_NET_BIND_SERVICE" ]); + AmbientCapabilities = (optionals (clientCfg.soMark != null) [ "CAP_NET_ADMIN" ]) ++ (optionals ((clientCfg.dynamicToRemote.port or 1024) < 1024 || (any (x: x.local.port < 1024) clientCfg.localToRemote)) [ "CAP_NET_BIND_SERVICE" ]); NoNewPrivileges = true; RestrictNamespaces = "uts ipc pid user cgroup"; ProtectSystem = "strict"; |