summary refs log tree commit diff
path: root/nixos/modules/services/misc/paperless.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/misc/paperless.nix')
-rw-r--r--nixos/modules/services/misc/paperless.nix5
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix
index 9e554b93fc8..b1cf72258d1 100644
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
@@ -286,12 +286,13 @@ in
         '';
         Restart = "on-failure";
 
-        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
-        CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
         # gunicorn needs setuid, liblapack needs mbind
         SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "@setuid mbind" ];
         # Needs to serve web page
         PrivateNetwork = false;
+      } // lib.optionalAttrs (cfg.port < 1024) {
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
       };
       environment = env // {
         PATH = mkForce cfg.package.path;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-15 00:25:52 +0000