From 996f9e4f289d94e96551d4c07a1a88a29dcf15b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Fri, 29 Nov 2024 00:40:33 +0100
Subject: [PATCH] nixos/nginx: don't disable IPC

This also disables the memfd_create syscall which is required for certain regex's when using pcre2.
see https://github.com/NixOS/nixpkgs/pull/355989#issuecomment-2506841275
---
 nixos/modules/services/web-servers/nginx/default.nix | 3 +--
 pkgs/servers/http/nginx/modules.nix | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 922df1ea03ab..145c86028de8 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -1305,8 +1305,7 @@ in
 # System Call Filtering
 SystemCallArchitectures = "native";
 SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @setuid" ]
- ++ optional cfg.enableQuicBPF [ "bpf" ]
- ++ optionals ((cfg.package != pkgs.tengine) && (cfg.package != pkgs.openresty) && (!lib.any (mod: (mod.disableIPC or false)) cfg.package.modules)) [ "~@ipc" ];
+ ++ optional cfg.enableQuicBPF [ "bpf" ];
 };
 };
diff --git a/pkgs/servers/http/nginx/modules.nix b/pkgs/servers/http/nginx/modules.nix
index 3a29bd72b44e..3e3b59cb3c79 100644
--- a/pkgs/servers/http/nginx/modules.nix
+++ b/pkgs/servers/http/nginx/modules.nix
@@ -439,7 +439,6 @@ let self = {
 };
 inputs = [ curl geoip libmodsecurity libxml2 lmdb yajl ];
- disableIPC = true;
 meta = with lib; {
 description = "Open source, cross platform web application firewall (WAF)";
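Review bot: Dropping the `~@ipc` entry from `SystemCallFilter` in the default.nix hunk removes the entire IPC deny-list (the shm*, msg*, sem*, process_vm_readv/writev and mq_* calls as well) from the nginx service, although the commit message only needs `memfd_create`, which systemd files under `@ipc`. A narrower fix keeps the deny-list and re-allows just that one call, e.g. `++ optionals ((cfg.package != pkgs.tengine) && (cfg.package != pkgs.openresty) && (!lib.any (mod: (mod.disableIPC or false)) cfg.package.modules)) [ "~@ipc" "memfd_create" ];` — each list element is emitted as its own `SystemCallFilter=` line, and systemd.exec(5) describes an allow entry that follows a deny-list entry as removing that call from the filtered set, which is worth confirming on the systemd version the module targets. Keeping the filter that way would also mean retaining the `disableIPC = true;` attribute that the modules.nix hunk deletes. Separately, on the surviving `+` line, `optional cfg.enableQuicBPF [ "bpf" ]` produces the nested list `[ [ "bpf" ] ]` and only works because the unit serializer stringifies it; `optionals cfg.enableQuicBPF [ "bpf" ];` matches the `optionals` form used for the `~@ipc` entry and avoids relying on that.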