From 695fd78ac45763b02ae4c68abda28974bb72c96b Mon Sep 17 00:00:00 2001
From: Emily <vcs@emily.moe>
Date: Mon, 23 Mar 2020 17:58:36 +0000
Subject: nixos/tests/acme: use CAP_NET_BIND_SERVICE

---
 nixos/tests/common/acme/server/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'nixos/tests/common')

diff --git a/nixos/tests/common/acme/server/default.nix b/nixos/tests/common/acme/server/default.nix
index fdc053a2d828..1d6c2cc9d30a 100644
--- a/nixos/tests/common/acme/server/default.nix
+++ b/nixos/tests/common/acme/server/default.nix
@@ -126,8 +126,7 @@ in {
         '';
         serviceConfig = {
           # Required to bind on privileged ports.
-          User = "root";
-          Group = "root";
+          AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
         };
       };
     };
-- 
cgit v1.2.3