allow gpg to run

2022-07-04 10:37:19 +01:00 · 2022-07-04 10:37:19 +01:00 · 4958fe6a68
commit 4958fe6a68
parent 7a03c771ff
1 changed files with 3 additions and 0 deletions
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@ -34,6 +34,9 @@ in {
  config = mkIf cfg.enable {
    systemd.services.gitea = {
      path = [ pkgs.gnupg ];
+      serviceConfig = {
+        SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
+      };
      # In older versions the secret naming for JWT was kind of confusing.
      # The file jwt_secret hold the value for LFS_JWT_SECRET and JWT_SECRET
      # wasn't persistant at all.