fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change systemd config

Browse Source
This commit is contained in:
Rohan Datar
2025-01-12 16:01:27 -06:00
parent 112224eb75
commit 45a4997693
2 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixarr/jellyseerr/default.nix
+2 -2
View File
@@ -91,8 +91,8 @@ in {
} }
]; ];
services.jellyseerr = { util-nixarr.services.jellyseerr = {
enable = cfg.enable; enable = true;
package = cfg.package; package = cfg.package;
openFirewall = cfg.openFirewall; openFirewall = cfg.openFirewall;
port = cfg.port; port = cfg.port;
nixarr/jellyseerr/jellyseerr-module/default.nix
+17 -15
View File
@@ -56,24 +56,26 @@ in {
serviceConfig = { serviceConfig = {
Type = "exec"; Type = "exec";
StateDirectory = "jellyseerr"; StateDirectory = "jellyseerr";
DynamicUser = false;
User = cfg.user; User = cfg.user;
Group = cfg.group;
ExecStart = lib.getExe cfg.package; ExecStart = lib.getExe cfg.package;
Restart = "on-failure"; Restart = "on-failure";
ProtectHome = true; # ProtectHome = true;
ProtectSystem = "strict"; # ProtectSystem = "strict";
PrivateTmp = true; # PrivateTmp = true;
PrivateDevices = true; # PrivateDevices = true;
ProtectHostname = true; # ProtectHostname = true;
ProtectClock = true; # ProtectClock = true;
ProtectKernelTunables = true; # ProtectKernelTunables = true;
ProtectKernelModules = true; # ProtectKernelModules = true;
ProtectKernelLogs = true; # ProtectKernelLogs = true;
ProtectControlGroups = true; # ProtectControlGroups = true;
NoNewPrivileges = true; # NoNewPrivileges = true;
RestrictRealtime = true; # RestrictRealtime = true;
RestrictSUIDSGID = true; # RestrictSUIDSGID = true;
RemoveIPC = true; # RemoveIPC = true;
PrivateMounts = true; # PrivateMounts = true;
}; };
}; };