From d5bb5259e4ea86ab1e472dc4d1bcf897d0f6fba8 Mon Sep 17 00:00:00 2001
From: misuzu <bakalolka@gmail.com>
Date: Thu, 20 Apr 2023 13:55:09 +0300
Subject: nixos/netbird: allow configuring dns

---
 nixos/modules/services/networking/netbird.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/networking/netbird.nix b/nixos/modules/services/networking/netbird.nix
index 5bd9e9ca61696..647c0ce3e6d1f 100644
--- a/nixos/modules/services/networking/netbird.nix
+++ b/nixos/modules/services/networking/netbird.nix
@@ -41,9 +41,10 @@ in {
       documentation = [ "https://netbird.io/docs/" ];
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [
+        openresolv
+      ];
       serviceConfig = {
-        AmbientCapabilities = [ "CAP_NET_ADMIN" ];
-        DynamicUser = true;
         Environment = [
           "NB_CONFIG=/var/lib/netbird/config.json"
           "NB_LOG_FILE=console"
-- 
cgit 1.4.1


From e41c5694290160d02ad776b1e4c446683f93225a Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Thu, 20 Apr 2023 23:48:58 +0200
Subject: nixos/authelia: Allow using Unix sockets

---
 nixos/modules/services/security/authelia.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/security/authelia.nix b/nixos/modules/services/security/authelia.nix
index 143c441c7e153..28c5fd0a1df59 100644
--- a/nixos/modules/services/security/authelia.nix
+++ b/nixos/modules/services/security/authelia.nix
@@ -336,7 +336,7 @@ in
             ProtectProc = "noaccess";
             ProtectSystem = "strict";
 
-            RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+            RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
             RestrictNamespaces = true;
             RestrictRealtime = true;
             RestrictSUIDSGID = true;
-- 
cgit 1.4.1