services/nginx: allow IPC again

Necessary due to the switch to pcre2 in the package. Adopted from the upstream module, see NixOS/nixpkgs@9e66870
flyingcircusio · Dec 17, 2024 · 5b61ec7 · 5b61ec7
1 parent 467a92e
commit 5b61ec7
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/nixos/services/nginx/base-module.nix b/nixos/services/nginx/base-module.nix
@@ -1442,8 +1442,7 @@ in
           # System Call Filtering
           SystemCallArchitectures = "native";
           SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @setuid" ]
-            ++ optional cfg.enableQuicBPF [ "bpf" ]
-            ++ optionals ((cfg.package != pkgs.tengine) && (cfg.package != pkgs.openresty) && (!lib.any (mod: (mod.disableIPC or false)) cfg.package.modules)) [ "~@ipc" ];
+            ++ optional cfg.enableQuicBPF [ "bpf" ];
         };
       };
       # reload config before acme renewals, to ensure new vhosts are actually activated from the config file