From 3a12a3f53a485083052621ed803a8dc269d99df2 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Wed, 4 Oct 2023 17:01:35 +0200
Subject: [PATCH] qbittorrent: Avoid using nscd
---
 modules/qbittorrent/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/modules/qbittorrent/default.nix b/modules/qbittorrent/default.nix
index ad41ba2..b0a2a45 100644
--- a/modules/qbittorrent/default.nix
+++ b/modules/qbittorrent/default.nix
@@ -94,6 +94,16 @@ in
 # Increase number of open file descriptors (default: 1024)
 LimitNOFILE = 65536;
+ # Avoid using nscd (leaks dns)
+ InaccessiblePaths = [
+ "/run/nscd"
+ ];
+ # Make correct resolv.conf available for unit
+ BindReadOnlyPaths = [
+ "/etc/netns/qbittorrent/resolv.conf:/etc/resolv.conf"
+ ];
+
+
 # systemd-analyze --no-pager security qbittorrent.service
 CapabilityBoundingSet = null;
 PrivateDevices = true;
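Review bot: `InaccessiblePaths` lists `"/run/nscd"` without the `-` prefix, so on a host where nscd is disabled and that directory does not exist, the unit's mount-namespace setup would presumably fail instead of skipping the entry; `"-/run/nscd"` keeps the hardening and tolerates that case. The `BindReadOnlyPaths` source should stay unprefixed, because a missing `/etc/netns/qbittorrent/resolv.conf` then stops the service rather than leaving the host's resolv.conf in place; a comment such as `# no "-" prefix: fail closed if the netns resolv.conf is missing` would record that intent. The `(leaks dns)` comment could also state the reason, e.g. `# nscd answers lookups from outside this unit's network namespace, bypassing its resolv.conf`, which is inferred from the netns path and should be confirmed. The enclosing attribute set starts and ends outside the hunk.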