From dffba14043168d767a12ff86c39464b8503d3d29 Mon Sep 17 00:00:00 2001
From: Benjamin Saunders <ben.e.saunders@gmail.com>
Date: Sat, 2 Dec 2023 12:03:58 -0800
Subject: [PATCH] nixos/matrix-appservice-irc: fix syscall filter

The pre-start script requires @chown; the service fails without it.
---
 nixos/modules/services/matrix/appservice-irc.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/matrix/appservice-irc.nix b/nixos/modules/services/matrix/appservice-irc.nix
index d153ffc2ace8..c79cd799b4d0 100644
--- a/nixos/modules/services/matrix/appservice-irc.nix
+++ b/nixos/modules/services/matrix/appservice-irc.nix
@@ -214,7 +214,7 @@ in {
         RestrictRealtime = true;
         PrivateMounts = true;
         SystemCallFilter = [
-          "@system-service @pkey"
+          "@system-service @pkey @chown"
           "~@privileged @resources"
         ];
         SystemCallArchitectures = "native";