commit ecacff35a6803be8ec93a261cf9836ccd26012aa · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixos/paperless: add required syscall

`unpaper` requires syscall 238 (`set_mempolicy`).
Add this by un-blocking the systemd syscall filter set `@resources`
which is safe in the context of paperless.

Erik Arvstedt 3 years ago ecacff35 57e15d64

options

unified split

Changed files

+1 -1

nixos

modules

services

misc

paperless.nix

+1 -1

nixos/modules/services/misc/paperless.nix

···

       80
       80
        
           RestrictSUIDSGID = true;

     

       81
       81
        
           SupplementaryGroups = optional enableRedis redisServer.user;

     

       82
       82
        
           SystemCallArchitectures = "native";

     

       83
       83
       -
           SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];

     

       83
       83
       +
           SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];

     

       84
       84
        
           # Does not work well with the temporary root

     

       85
       85
        
           #UMask = "0066";

     

       86
       86
        
         };