Merge pull request 'nachtigall: synapse security update' (#153) from chore/synapse-security-update into main

Reviewed-on: #153
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2024-04-26 20:48:19 +00:00
commit 505d0f34ea
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
2 changed files with 12 additions and 17 deletions

View file

@ -180,11 +180,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1712386041, "lastModified": 1714043624,
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -224,11 +224,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713543876, "lastModified": 1713946171,
"narHash": "sha256-olEWxacm1xZhAtpq+ZkEyQgR4zgfE7ddpNtZNvubi3g=", "narHash": "sha256-lc75rgRQLdp4Dzogv5cfqOg6qYc5Rp83oedF2t0kDp8=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "9e7c20ffd056e406ddd0276ee9d89f09c5e5f4ed", "rev": "230a197063de9287128e2c68a7a4b0cd7d0b50a7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -255,11 +255,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1713564160, "lastModified": 1713995372,
"narHash": "sha256-YguPZpiejgzLEcO36/SZULjJQ55iWcjAmf3lYiyV1Fo=", "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bc194f70731cc5d2b046a6c1b3b15f170f05999c", "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -405,11 +405,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1713537308, "lastModified": 1713895582,
"narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", "narHash": "sha256-cfh1hi+6muQMbi9acOlju3V1gl8BEaZBXBR9jQfQi4U=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", "rev": "572af610f6151fd41c212f897c71f7056e3fb518",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -13,11 +13,6 @@ let
synapseClientPort = "${toString listenerWithClient.port}"; synapseClientPort = "${toString listenerWithClient.port}";
in in
{ {
systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce [
"@system-service @pkey"
"~@privileged @resources"
"@chown"
];
services.matrix-appservice-irc = { services.matrix-appservice-irc = {
enable = true; enable = true;
localpart = "irc_bot"; localpart = "irc_bot";