From 1655d5ab7a7a259f53393a369459ff533fcce9e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Oko=C5=84ski?= <jakub@okonski.org>
Date: Sun, 18 Sep 2022 23:17:50 +0200
Subject: [PATCH] nixos/rust-motd: fix systemd service checks

By completely locking down RestrictAddressFamilies, the service
was unable to talk to systemd to check .service statuses.
---
 nixos/modules/programs/rust-motd.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/programs/rust-motd.nix b/nixos/modules/programs/rust-motd.nix
index f89b5e03838..d5f1820ba75 100644
--- a/nixos/modules/programs/rust-motd.nix
+++ b/nixos/modules/programs/rust-motd.nix
@@ -69,7 +69,7 @@ in {
         ProtectKernelTunables = true;
         ProtectSystem = "full";
         StateDirectory = "rust-motd";
-        RestrictAddressFamilies = "none";
+        RestrictAddressFamilies = [ "AF_UNIX" ];
         RestrictNamespaces = true;
         RestrictRealtime = true;
         RestrictSUIDSGID = true;