Merge pull request #135472 from em0lar/paperless-ng/postgresql

nixos/paperless-ng: allow using postgresql via a unix socket
author: Martin Weinelt <mweinelt@users.noreply.github.com> 2021-08-23 23:28:33 +0200
committer: GitHub <noreply@github.com> 2021-08-23 23:28:33 +0200
commit: 699b4f6fee7be59d3be4aeffbf36e76fe6be0011 (patch)
tree: 72fb5a562867326110451af789e57c1cedd79206 /nixos
parent: 8056e5c346c6ed3955d00fd165df35ac6aebdc67 (diff)
parent: fa80ed695b44e91cb69ea087ef614cbb1a310286 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/paperless-ng.nix b/nixos/modules/services/misc/paperless-ng.nix
index 9eaf8fa8859c..0434b222d334 100644
--- a/nixos/modules/services/misc/paperless-ng.nix
+++ b/nixos/modules/services/misc/paperless-ng.nix
@@ -29,6 +29,7 @@ let
       "-/etc/nsswitch.conf"
       "-/etc/hosts"
       "-/etc/localtime"
+      "-/run/postgresql"
     ];
     BindPaths = [
       cfg.consumptionDir
@@ -60,7 +61,7 @@ let
     ProtectKernelModules = true;
     ProtectKernelTunables = true;
     ProtectProc = "invisible";
-    RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+    RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
     RestrictNamespaces = true;
     RestrictRealtime = true;
     RestrictSUIDSGID = true;
author	Martin Weinelt <mweinelt@users.noreply.github.com>	2021-08-23 23:28:33 +0200
committer	GitHub <noreply@github.com>	2021-08-23 23:28:33 +0200
commit	699b4f6fee7be59d3be4aeffbf36e76fe6be0011 (patch)
tree	72fb5a562867326110451af789e57c1cedd79206 /nixos
parent	8056e5c346c6ed3955d00fd165df35ac6aebdc67 (diff)
parent	fa80ed695b44e91cb69ea087ef614cbb1a310286 (diff)