From 29b53d934fb1e142706c804b81b8f622fe9dae80 Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Sat, 15 Jul 2023 09:07:57 +0000
Subject: [PATCH] trust-dns: apply PR feedback

---
 hosts/by-name/servo/services/trust-dns.nix | 6 ++++--
 nixpatches/list.nix                        | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/hosts/by-name/servo/services/trust-dns.nix b/hosts/by-name/servo/services/trust-dns.nix
index 138dba6c..458771d4 100644
--- a/hosts/by-name/servo/services/trust-dns.nix
+++ b/hosts/by-name/servo/services/trust-dns.nix
@@ -9,6 +9,8 @@
     config.sane.hosts.by-name."servo".lan-ip
     "10.0.1.5"
   ];
+  # don't bind to IPv6 until i explicitly test that stack
+  services.trust-dns.settings.listen_addrs_ipv6 = [];
   services.trust-dns.quiet = true;
   # services.trust-dns.debug = true;
 
@@ -99,9 +101,9 @@
     '';
 
   systemd.services.trust-dns.serviceConfig = {
-    # ReadWritePaths = [ "/var/lib/trust-dns" ];
     DynamicUser = lib.mkForce false;
-    StateDirectory = "trust-dns";
+    User = "trust-dns";
+    Group = "trust-dns";
   };
   users.groups.trust-dns = {};
   users.users.trust-dns = {
diff --git a/nixpatches/list.nix b/nixpatches/list.nix
index e06b7e13..c84ce7ae 100644
--- a/nixpatches/list.nix
+++ b/nixpatches/list.nix
@@ -225,8 +225,8 @@ in [
   (fetchpatch' {
     title = "nixos/trust-dns: init";
     prUrl = "https://github.com/NixOS/nixpkgs/pull/243244";
-    saneCommit = "4c801fa25278faceb1ccb0273bc58111bfb3d42e";
-    hash = "sha256-CCj7qInTFkJrVBNbP9DJQYYsjWFvEyMlysuyYqoLG1k=";
+    saneCommit = "62e1ad47d09ac21901b43355b3c81ed5a1eede60";
+    hash = "sha256-cTqpmpIDUwdrlIPM8MWmylnxpv+x6qEcZ8ssJJVvgL8=";
   })
 
   # (fetchpatch' {