From 78117b0d6839f09b17b9d64700175036cdbe14fa Mon Sep 17 00:00:00 2001
From: Robin Appelman <robin@icewind.nl>
Date: Sun, 31 May 2026 16:23:45 +0200
Subject: [PATCH] module tweaks

---
 flake.lock     | 8 ++++----
 flake.nix      | 2 +-
 nix/module.nix | 3 +--
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/flake.lock b/flake.lock
index 2daf2cf..422b011 100644
--- a/flake.lock
+++ b/flake.lock
@@ -59,16 +59,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1778430510,
-        "narHash": "sha256-Ti+ZBvW6yrWWAg2szExVTwCd4qOJ3KlVr1tFHfyfi8Q=",
+        "lastModified": 1780051219,
+        "narHash": "sha256-WnxzG4x47uCgjz+uD+vOzbF+Qid+hKyYdJWbduA9w7g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8fd9daa3db09ced9700431c5b7ad0e8ba199b575",
+        "rev": "e8e446a361172fe838243958325845d0b845c5e5",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-25.11",
+        "ref": "nixos-26.05",
         "type": "indirect"
       }
     },
diff --git a/flake.nix b/flake.nix
index 3078b6d..89c9b26 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 {
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.11";
+    nixpkgs.url = "nixpkgs/nixos-26.05";
     flakelight = {
       url = "github:nix-community/flakelight";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/nix/module.nix b/nix/module.nix
index 465bc90..fcc247a 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -90,11 +90,10 @@ in {
         ProtectHostname = true;
         LockPersonality = true;
         ProtectKernelTunables = true;
-        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_NETLINK"];
         RestrictRealtime = true;
         ProtectProc = "noaccess";
         SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
-        IPAddressDeny = "localhost link-local multicast";
       };
     };