From 886ddd9a1a58fc17de2af13f892418f56e89a4bd Mon Sep 17 00:00:00 2001
From: Max
Date: Sun, 10 Nov 2024 04:15:28 +0100
Subject: [PATCH] cluster/services/attic: enable @resources syscall group
---
 cluster/services/attic/server.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cluster/services/attic/server.nix b/cluster/services/attic/server.nix
index 39be7ce..2b9d790 100644
--- a/cluster/services/attic/server.nix
+++ b/cluster/services/attic/server.nix
@@ -65,6 +65,7 @@ in
 serviceConfig = {
 DynamicUser = lib.mkForce false;
 RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
+ SystemCallFilter = lib.mkAfter [ "@resources" ];
 };
 environment = {
 AWS_SHARED_CREDENTIALS_FILE = "/run/locksmith/garage-attic";
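Review bot: The added `SystemCallFilter = lib.mkAfter [ "@resources" ];` re-opens a whole syscall group (scheduler priority and affinity, resource limits, NUMA memory policy) without recording which call atticd actually needed, so a later reader cannot tell whether the sandbox can be narrowed again. The base filter this is merged into comes from the service module and is not visible in the hunk; presumably it denies `@resources` and the `mkAfter` ordering is what lets the later entry win, which is worth stating because systemd evaluates the list in order. I would add a comment above the line such as `# re-allow @resources after the module's deny entry; needed for <syscall seen in the seccomp audit log>`, and, if only one or two calls are involved, list those names instead of the group. The `serviceConfig` block sits inside a larger attribute set that starts and ends outside the hunk.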