From 718dcae809312d142b49e166005a21aaf604d468 Mon Sep 17 00:00:00 2001
From: wo2wz <189177184+wo2wz@users.noreply.github.com>
Date: Sun, 21 Dec 2025 16:23:11 -0500
Subject: [PATCH] velocity: DevicePolicy strict -> closed

this worked previously on the container because its a container and /dev/* access is managed by proxmox, but it doesnt work now because it blocks access to devices including /dev/null which is used for stdin by default
---
 modules/nixos/services/gameserver/velocity.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/nixos/services/gameserver/velocity.nix b/modules/nixos/services/gameserver/velocity.nix
index b75a41d..ad2048e 100644
--- a/modules/nixos/services/gameserver/velocity.nix
+++ b/modules/nixos/services/gameserver/velocity.nix
@@ -134,7 +134,7 @@
       # hardening
       CapabilityBoundingSet = [ "" ];
       DeviceAllow = [ "" ];
-      DevicePolicy = "strict";
+      DevicePolicy = "closed";
       LockPersonality = true;
       NoNewPrivileges = true;
       PrivateDevices = true;
@@ -164,4 +164,4 @@
       UMask = "0077";
     };
   };
-}
\ No newline at end of file
+}