change systemd config

nixarr/jellyseerr/default.nix

@@ -91,8 +91,8 @@ in {
       }
     ];
 
-    services.jellyseerr = {
-      enable = cfg.enable;
+    util-nixarr.services.jellyseerr = {
+      enable = true;
       package = cfg.package;
       openFirewall = cfg.openFirewall;
       port = cfg.port;

nixarr/jellyseerr/jellyseerr-module/default.nix

@@ -56,24 +56,26 @@ in {
       serviceConfig = {
         Type = "exec";
         StateDirectory = "jellyseerr";
+        DynamicUser = false;
         User = cfg.user;
+        Group = cfg.group;
         ExecStart = lib.getExe cfg.package;
         Restart = "on-failure";
-        ProtectHome = true;
-        ProtectSystem = "strict";
-        PrivateTmp = true;
-        PrivateDevices = true;
-        ProtectHostname = true;
-        ProtectClock = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-        ProtectKernelLogs = true;
-        ProtectControlGroups = true;
-        NoNewPrivileges = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        RemoveIPC = true;
-        PrivateMounts = true;
+        # ProtectHome = true;
+        # ProtectSystem = "strict";
+        # PrivateTmp = true;
+        # PrivateDevices = true;
+        # ProtectHostname = true;
+        # ProtectClock = true;
+        # ProtectKernelTunables = true;
+        # ProtectKernelModules = true;
+        # ProtectKernelLogs = true;
+        # ProtectControlGroups = true;
+        # NoNewPrivileges = true;
+        # RestrictRealtime = true;
+        # RestrictSUIDSGID = true;
+        # RemoveIPC = true;
+        # PrivateMounts = true;
       };
     };