all repos — nix-packages @ 6196624b80c113735ffd5382741b658005a48aff

My personal collection of packages for nix

git-pr: enable binding on low ports

Alan Pearce
commit

6196624b80c113735ffd5382741b658005a48aff

parent

75086aac813ec191a9aa5b2f238bc78f4d824276

1 file changed, 10 insertions(+), 0 deletions(-)

changed files
M modules/nixos/git-pr.nixmodules/nixos/git-pr.nix
@@ -142,6 +142,16 @@ WorkingDirectory = cfg.homeDir;
           ExecStart = "${cfg.package}/bin/git-pr --config ${configFile}";
           ExecStartPre = "${pkgs.coreutils}/bin/install -d -m 755 ${cfg.homeDir}/data";
           Restart = "always";
+
+          RestrictAddressFamilies = [
+            "AF_UNIX"
+            "AF_INET"
+            "AF_INET6"
+          ];
+        }
+        // lib.optionalAttrs (cfg.settings.web_port < 1024 || cfg.settings.ssh_port < 1024) {
+          AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+          CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
         };
     };
   };