From 72fbf05c17374b01abd7b6b1927de4146a7251eb Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Sun, 1 Nov 2020 22:11:11 +0100
Subject: [PATCH] nixos/unbound: note about the AmbientCapabilities

---
 nixos/modules/services/networking/unbound.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index bcb48678b212..bc2d5e550ba1 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -137,6 +137,7 @@ in
         NotifyAccess = "main";
         Type = "notify";
 
+        # FIXME: Which of these do we actualy need, can we drop the chroot flag?
         AmbientCapabilities = [
           "CAP_NET_BIND_SERVICE"
           "CAP_NET_RAW"