From bacae801995e1d86fe677122fb0e16ee23210281 Mon Sep 17 00:00:00 2001
From: rasmus-kirk <mail@rasmuskirk.com>
Date: Sat, 18 Jan 2025 12:36:35 +0100
Subject: [PATCH] Added todos

---
 nixarr/jellyseerr/jellyseerr-module/default.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/nixarr/jellyseerr/jellyseerr-module/default.nix b/nixarr/jellyseerr/jellyseerr-module/default.nix
index fc6b77c..8b4d4a4 100644
--- a/nixarr/jellyseerr/jellyseerr-module/default.nix
+++ b/nixarr/jellyseerr/jellyseerr-module/default.nix
@@ -1,3 +1,4 @@
+# TODO: Add expose options for this module
 {
   config,
   pkgs,
@@ -67,6 +68,22 @@ in {
         Group = cfg.group;
         ExecStart = lib.getExe cfg.package;
         Restart = "on-failure";
+        # TODO: These are from nixpkgs, add them back if we add expose options
+        # ProtectHome = true;
+        # ProtectSystem = "strict";
+        # PrivateTmp = true;
+        # PrivateDevices = true;
+        # ProtectHostname = true;
+        # ProtectClock = true;
+        # ProtectKernelTunables = true;
+        # ProtectKernelModules = true;
+        # ProtectKernelLogs = true;
+        # ProtectControlGroups = true;
+        # NoNewPrivileges = true;
+        # RestrictRealtime = true;
+        # RestrictSUIDSGID = true;
+        # RemoveIPC = true;
+        # PrivateMounts = true;
       };
     };