dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions2 Packages Projects Releases Wiki Activity

nixos/acme: make address families in systemd service less restrictive

Browse Source 
This change is to support LEGO's capability to spawn an external process that
solves the DNS-01 challenge. In particular, this enables a setup where LEGO
runs a shell script that uses nsd-control to add an appropriate zone to a
local NSD instance.

(cherry picked from commit d9bf91700e)
This commit is contained in:
Malte Voos 2024-11-19 01:40:59 +01:00 committed by github-actions[bot]
parent bdb84ef77d
commit 9018408f4a
1 changed files with 2 additions and 0 deletions

2
nixos/modules/security/acme/default.nix
View File

@ -87,6 +87,8 @@ let
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
"AF_NETLINK"
];
RestrictNamespaces = true;
RestrictRealtime = true;