More derp? It's 5am...

1 files changed, 15 insertions, 11 deletions

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index a01bf21af51a..3ef0a2ee1a2f 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -898,23 +898,27 @@ in
 
     # Capabilities won't work unless we have at-least a 4.3 Linux
     # kernel because we need the ambient capability
-    security.wrappers = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") {
-      ping = {
-        source  = "${pkgs.iputils.out}/bin/ping";
-        capabilities = "cap_net_raw+p";
-      };
+    security = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") {
+      wrappers = {
+        ping = {
+          source  = "${pkgs.iputils.out}/bin/ping";
+          capabilities = "cap_net_raw+p";
+        };
 
-      ping6 = {
-        source  = "${pkgs.iputils.out}/bin/ping6";
-        capabilities = "cap_net_raw+p";
+        ping6 = {
+          source  = "${pkgs.iputils.out}/bin/ping6";
+          capabilities = "cap_net_raw+p";
+        };
       };
     };
 
     # If the linux kernel IS older than 4.3, create setuid wrappers
     # for ping and ping6
-    security.wrappers = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") {
-      ping.source = "${pkgs.iputils.out}/bin/ping";
-      "ping6".source = "${pkgs.iputils.out}/bin/ping6";
+    security = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") {
+      wrappers = {
+        ping.source = "${pkgs.iputils.out}/bin/ping";
+        "ping6".source = "${pkgs.iputils.out}/bin/ping6";
+      };
     };
 
     # Set the host and domain names in the activation script.  Don't