Merge pull request #268634 from tie/redis-restrict-address-families

nixos/redis: loosen systemd address family restrictions
author: Mario Rodas <marsam@users.noreply.github.com> 2023-11-27 20:06:29 -0500
committer: GitHub <noreply@github.com> 2023-11-27 20:06:29 -0500
commit: 3dba8d6fdb26485fb15c11ae52274c53de308347 (patch)
tree: 5c51b0ba1582c55a5cafce87d03aa7aa22596abf /nixos/modules/services/databases
parent: 9b696e80b8f5020aace5769f5aece24b26a05c42 (diff)
parent: 5c898bec57e89cd4ceaf8d18140773fdba2447c8 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 315a0282cd73..4a5c19240ec6 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -393,9 +393,7 @@ in {
         ProtectKernelModules = true;
         ProtectKernelTunables = true;
         ProtectControlGroups = true;
-        RestrictAddressFamilies =
-          optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++
-          optional (conf.unixSocket != null) "AF_UNIX";
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
         RestrictNamespaces = true;
         LockPersonality = true;
         MemoryDenyWriteExecute = true;
author	Mario Rodas <marsam@users.noreply.github.com>	2023-11-27 20:06:29 -0500
committer	GitHub <noreply@github.com>	2023-11-27 20:06:29 -0500
commit	3dba8d6fdb26485fb15c11ae52274c53de308347 (patch)
tree	5c51b0ba1582c55a5cafce87d03aa7aa22596abf /nixos/modules/services/databases
parent	9b696e80b8f5020aace5769f5aece24b26a05c42 (diff)
parent	5c898bec57e89cd4ceaf8d18140773fdba2447c8 (diff)