module tweaks

2026-06-03 09:54:18 +02:00 · 2026-05-31 16:23:45 +02:00 · 2026-05-31 16:23:45 +02:00 · 78117b0d68
commit 78117b0d68
parent 4b3d131072
3 changed files with 6 additions and 7 deletions
--- a/flake.lock
+++ b/flake.lock
@ -59,16 +59,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1778430510,
-        "narHash": "sha256-Ti+ZBvW6yrWWAg2szExVTwCd4qOJ3KlVr1tFHfyfi8Q=",
+        "lastModified": 1780051219,
+        "narHash": "sha256-WnxzG4x47uCgjz+uD+vOzbF+Qid+hKyYdJWbduA9w7g=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8fd9daa3db09ced9700431c5b7ad0e8ba199b575",
+        "rev": "e8e446a361172fe838243958325845d0b845c5e5",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-25.11",
+        "ref": "nixos-26.05",
        "type": "indirect"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@ -1,6 +1,6 @@
 {
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.11";
+    nixpkgs.url = "nixpkgs/nixos-26.05";
    flakelight = {
      url = "github:nix-community/flakelight";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/nix/module.nix
+++ b/nix/module.nix
@ -90,11 +90,10 @@ in {
        ProtectHostname = true;
        LockPersonality = true;
        ProtectKernelTunables = true;
-        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_NETLINK"];
        RestrictRealtime = true;
        ProtectProc = "noaccess";
        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
-        IPAddressDeny = "localhost link-local multicast";
      };
    };