From 9b8fd74d68fca9eace442379fc74b80bbab894c1 Mon Sep 17 00:00:00 2001
From: MidAutumnMoon <me@418.im>
Date: Tue, 25 Oct 2022 16:47:46 +0800
Subject: [PATCH] nixos/nats: set proper SystemCallFilter

---
 nixos/modules/services/networking/nats.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/nats.nix b/nixos/modules/services/networking/nats.nix
index dd732d2a9fca..6c21e21b5cb8 100644
--- a/nixos/modules/services/networking/nats.nix
+++ b/nixos/modules/services/networking/nats.nix
@@ -137,7 +137,7 @@ in {
           RestrictNamespaces = true;
           RestrictRealtime = true;
           RestrictSUIDSGID = true;
-          SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+          SystemCallFilter = [ "@system-service" "~@privileged" ];
           UMask = "0077";
         }
       ];