Merge pull request 'nachtigall: synapse security update' (#153) from chore/synapse-security-update into main

Reviewed-on: pub-solar/infra#153 Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
2024-04-26 20:48:19 +00:00 · 2024-04-26 20:48:19 +00:00 · 505d0f34ea
parent d62b6cda92 ddc5c65bf7
commit 505d0f34ea
2 changed files with 12 additions and 17 deletions
--- a/flake.lock
+++ b/flake.lock
@ -180,11 +180,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1712386041,
-        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
+        "lastModified": 1714043624,
+        "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
+        "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
        "type": "github"
      },
      "original": {
@ -224,11 +224,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1713543876,
-        "narHash": "sha256-olEWxacm1xZhAtpq+ZkEyQgR4zgfE7ddpNtZNvubi3g=",
+        "lastModified": 1713946171,
+        "narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed",
+        "rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7",
        "type": "github"
      },
      "original": {
@ -255,11 +255,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1713564160,
-        "narHash": "sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo=",
+        "lastModified": 1713995372,
+        "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "bc194f70731cc5d2b046a6c1b3b15f170f05999c",
+        "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8",
        "type": "github"
      },
      "original": {
@ -405,11 +405,11 @@
    },
    "unstable": {
      "locked": {
-        "lastModified": 1713537308,
-        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
+        "lastModified": 1713895582,
+        "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
+        "rev": "572af610f6151fd41c212f897c71f7056e3fb518",
        "type": "github"
      },
      "original": {
--- a/hosts/nachtigall/apps/matrix/irc.nix
+++ b/hosts/nachtigall/apps/matrix/irc.nix
@ -13,11 +13,6 @@ let
  synapseClientPort = "${toString listenerWithClient.port}";
 in
 {
-  systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce [
-    "@system-service @pkey"
-    "~@privileged @resources"
-    "@chown"
-  ];
  services.matrix-appservice-irc = {
    enable = true;
    localpart = "irc_bot";