From 34287c34d2c0bb1129db0541cfa88b9688db519b Mon Sep 17 00:00:00 2001
From: Noa Aarts <noa@voorwaarts.nl>
Date: Fri, 14 Mar 2025 10:18:13 +0100
Subject: [PATCH] restrict access to address families

---
 hosts/nuos/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/nuos/configuration.nix b/hosts/nuos/configuration.nix
index f8386f2..a7f5b76 100644
--- a/hosts/nuos/configuration.nix
+++ b/hosts/nuos/configuration.nix
@@ -193,6 +193,8 @@ in
         ProtectHostname = true;
         PrivateTmp = true;
         PrivateDevices = true;
+        PrivateUsers = true;
+        RestrictAddressFamilies = "AF_INET";
         ProtectKernelTunables = true;
         RestrictNamespaces = true;
         CapabilityBoundingSet = "";