How do I set process capabilities?

I’ve moved SSH on my machine to a different port and am now trying to let gitea listen on 22 for git push.

I don’t see any information about how to allow a non-root user to open a low-numbered port in nixos. What do I need to do?


Random example:

ah, neat! How would I go about that as a user of the gitea config? I’m not sure what overrides I’d need to specify.

I have never used the gitea builtin ssh server but after taking a quick glance at the documentation you probably have something like this in your configuration.nix already:

services.gitea.extraConfig = ''

Assuming gitea doesn’t have a separate executable for the builtin ssh server you should add something like this to your configuration.nix:

systemd.services.gitea.serviceConfig = {
  AmbientCapabilities = "cap_net_bind_service";
  CapabilityBoundingSet = "cap_net_bind_service";
};

Let me know if it works :+1:

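One way to confirm what the capability settings in the answer above produce, as an added example that is not part of the original thread: the script decodes the CapEff and CapBnd masks from a process's /proc/<pid>/status and checks that CAP_NET_BIND_SERVICE (capability number 10) is effective and is the only capability left in the bounding set. The function names are hypothetical and the sample status text is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.
# CAP_NET_BIND_SERVICE is capability number 10 in <linux/capability.h>.
NET_BIND_BIT=10

# cap_field FIELD: read /proc/<pid>/status text on stdin, print FIELD's hex mask.
cap_field() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# has_net_bind HEXMASK: succeed if the CAP_NET_BIND_SERVICE bit is set.
has_net_bind() {
    [ $(( (0x$1 >> $NET_BIND_BIT) & 1 )) -eq 1 ]
}

# only_net_bind HEXMASK: succeed if that bit is set and no other bit is.
only_net_bind() {
    [ $(( 0x$1 )) -eq $(( 1 << $NET_BIND_BIT )) ]
}

# audit_status: read status text on stdin and print one verdict word:
#   ok       - low ports can be bound, bounding set holds only that capability
#   missing  - CAP_NET_BIND_SERVICE is not in the effective set
#   excess   - the bounding set still allows other capabilities
#   unparsed - no CapEff/CapBnd lines were found
audit_status() {
    status=$(cat)
    eff=$(printf '%s\n' "$status" | cap_field CapEff)
    bnd=$(printf '%s\n' "$status" | cap_field CapBnd)
    if [ -z "$eff" ] || [ -z "$bnd" ]; then echo unparsed; return 2; fi
    if ! has_net_bind "$eff"; then echo missing; return 1; fi
    if ! only_net_bind "$bnd"; then echo excess; return 1; fi
    echo ok
}

# Constructed sample: the masks a non-root service shows when both settings
# are limited to cap_net_bind_service (0x400 == 1 << 10).
sample_status() {
    printf 'Name:\tgitea\nCapPrm:\t0000000000000400\n'
    printf 'CapEff:\t0000000000000400\nCapBnd:\t0000000000000400\n'
    printf 'CapAmb:\t0000000000000400\n'
}

# Demo on the sample; for a live service use: audit_status < /proc/<pid>/status
sample_status | audit_status
```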

thank you so much, that works great :smile:

I forgot that you can merge stuff like that! So great.