From 45a4997693ce502408ed4928e969e2593784376d Mon Sep 17 00:00:00 2001
From: Rohan Datar
Date: Sun, 12 Jan 2025 16:01:27 -0600
Subject: [PATCH] change systemd config
---
 nixarr/jellyseerr/default.nix | 4 +--
 .../jellyseerr/jellyseerr-module/default.nix | 32 ++++++++++---------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/nixarr/jellyseerr/default.nix b/nixarr/jellyseerr/default.nix
index c779d72..494352a 100644
--- a/nixarr/jellyseerr/default.nix
+++ b/nixarr/jellyseerr/default.nix
@@ -91,8 +91,8 @@ in {
 }
 ];
- services.jellyseerr = {
- enable = cfg.enable;
+ util-nixarr.services.jellyseerr = {
+ enable = true;
 package = cfg.package;
 openFirewall = cfg.openFirewall;
 port = cfg.port;
diff --git a/nixarr/jellyseerr/jellyseerr-module/default.nix b/nixarr/jellyseerr/jellyseerr-module/default.nix
index e0000fd..8f4b74b 100644
--- a/nixarr/jellyseerr/jellyseerr-module/default.nix
+++ b/nixarr/jellyseerr/jellyseerr-module/default.nix
@@ -56,24 +56,26 @@ in {
 serviceConfig = {
 Type = "exec";
 StateDirectory = "jellyseerr";
+ DynamicUser = false;
 User = cfg.user;
+ Group = cfg.group;
 ExecStart = lib.getExe cfg.package;
 Restart = "on-failure";
- ProtectHome = true;
- ProtectSystem = "strict";
- PrivateTmp = true;
- PrivateDevices = true;
- ProtectHostname = true;
- ProtectClock = true;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectKernelLogs = true;
- ProtectControlGroups = true;
- NoNewPrivileges = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- RemoveIPC = true;
- PrivateMounts = true;
+ # ProtectHome = true;
+ # ProtectSystem = "strict";
+ # PrivateTmp = true;
+ # PrivateDevices = true;
+ # ProtectHostname = true;
+ # ProtectClock = true;
+ # ProtectKernelTunables = true;
+ # ProtectKernelModules = true;
+ # ProtectKernelLogs = true;
+ # ProtectControlGroups = true;
+ # NoNewPrivileges = true;
+ # RestrictRealtime = true;
+ # RestrictSUIDSGID = true;
+ # RemoveIPC = true;
+ # PrivateMounts = true;
 };
 };
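Review bot: In `nixarr/jellyseerr/default.nix`, the hard-coded `enable = true;` means the service no longer follows `cfg.enable`, and the hunk starts below the enclosing `config` attribute, so it is not visible whether the block sits under a `lib.mkIf cfg.enable` guard. If it does not, the unit would be defined and, with `openFirewall = cfg.openFirewall;`, the port could be opened on hosts that never enabled the service. Either keep `enable = cfg.enable;` or add a comment such as `# enabled unconditionally; the surrounding config is already gated on cfg.enable` so the reliance on the outer guard is explicit.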
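Review bot: Commenting out all fifteen sandboxing directives in `serviceConfig` (`ProtectHome` through `PrivateMounts`) leaves a service that listens on a port with nothing but ordinary Unix permissions between it and the host. The commit message does not say which directive caused the problem. If the cause is that the now-static `User`/`Group` must write outside the `StateDirectory`, presumably a custom state path, `ProtectSystem = "strict"` can stay with a `ReadWritePaths` entry for that path. The kernel, device and privilege restrictions do not depend on `DynamicUser` and can remain enabled. Any directive that really has to go should be deleted with a one-line reason rather than left as commented-out code. The enclosing service definition starts above the hunk, so the path below is a placeholder.

```nix
Restart = "on-failure";
# … unchanged: Type, StateDirectory, DynamicUser, User, Group, ExecStart …

# Filesystem: read-only view of the host, writable only where the service stores state.
ProtectHome = true;
ProtectSystem = "strict";
ReadWritePaths = [ "<STATE_DIR_PLACEHOLDER>" ]; # placeholder: the configured state/config directory
PrivateTmp = true;
PrivateMounts = true;

# Devices and kernel interfaces.
PrivateDevices = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;

# Privilege escalation.
NoNewPrivileges = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
# RemoveIPC dropped only if a static user needs persistent IPC objects; state the reason here.
RemoveIPC = true;
```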