From 59dbe319cec232cf2604fa2ca8f018a05a0eb88a Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Sun, 15 Jan 2023 23:46:22 +0300
Subject: [PATCH] nixos/gitea: update SystemCallFilter

---
 nixos/modules/services/networking/ntp/chrony.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/ntp/chrony.nix b/nixos/modules/services/networking/ntp/chrony.nix
index 69f0b36bf2a2..6c8d7b985d5f 100644
--- a/nixos/modules/services/networking/ntp/chrony.nix
+++ b/nixos/modules/services/networking/ntp/chrony.nix
@@ -203,7 +203,7 @@ in
           PrivateMounts = true;
           # System Call Filtering
           SystemCallArchitectures = "native";
-          SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ];
+          SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ] ++ lib.optional pkgs.stdenv.hostPlatform.isAarch64 "fchownat";
         };
       };
   };