From 2fa3ccf28e508b6e99a84ef1b6606bf8851ace9a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 27 Apr 2024 01:44:20 +0200 Subject: [PATCH] Revert "matrix-appservice-irc: remove unneeded syscall override" This reverts commit a11255b433f96a3a024aabd2c2e515ec7768b808. --- hosts/nachtigall/apps/matrix/irc.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/nachtigall/apps/matrix/irc.nix b/hosts/nachtigall/apps/matrix/irc.nix index defe991..fb2c1e0 100644 --- a/hosts/nachtigall/apps/matrix/irc.nix +++ b/hosts/nachtigall/apps/matrix/irc.nix @@ -13,6 +13,11 @@ let synapseClientPort = "${toString listenerWithClient.port}"; in { + systemd.services.matrix-appservice-irc.serviceConfig.SystemCallFilter = lib.mkForce [ + "@system-service @pkey" + "~@privileged @resources" + "@chown" + ]; services.matrix-appservice-irc = { enable = true; localpart = "irc_bot"; -- 2.44.2