From 255882fbcc64a9c210d5b1bba78a0ddba7ed352d Mon Sep 17 00:00:00 2001
From: Alexandre Macabies
Date: Sun, 27 Sep 2020 20:54:04 +0200
Subject: [PATCH] nixos/snapserver: add AF_NETLINK to allowed address families

This is necessary for Librespot, which is spawned by snapserver in the same cgroup. Librespot requires querying local ip links and addresses for MDNS (Zeroconf/Avahi), and does so through NETLINK interface.
---
 nixos/modules/services/audio/snapserver.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix
index b207fd30e22..0acaccfd3ca 100644
--- a/nixos/modules/services/audio/snapserver.nix
+++ b/nixos/modules/services/audio/snapserver.nix
@@ -286,7 +286,7 @@ in {
 ProtectKernelTunables = true;
 ProtectControlGroups = true;
 ProtectKernelModules = true;
- RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
 RestrictNamespaces = true;
 RuntimeDirectory = name;
 StateDirectory = name;
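Review bot: The widened `RestrictAddressFamilies` line has no in-file explanation and applies to every snapserver instance, although the commit message says only Librespot needs netlink. A comment above it such as `# AF_NETLINK: librespot (spawned by snapserver) enumerates local links/addresses for mDNS` would stop a later hardening pass from dropping the family or widening the list further. `RestrictAddressFamilies` cannot filter netlink by protocol, so the service and its children can now open any netlink family. State-changing requests still generally need capabilities such as CAP_NET_ADMIN, but the hunk does not show whether the unit runs unprivileged or sets `CapabilityBoundingSet`, so that is worth confirming. If the module can tell whether a Librespot-backed stream is configured, adding the family only in that case would leave the default sandbox unchanged; the surrounding serviceConfig set starts and ends outside this hunk.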