From 355d2ad13d355225fbedf8bb08dc49e9b5f4b9f2 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Tue, 22 Oct 2024 19:49:52 +0200
Subject: [PATCH] module.nix: relax hardening
---
 module.nix | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/module.nix b/module.nix
index 2e8df5d..e03bc3c 100644
--- a/module.nix
+++ b/module.nix
@@ -135,18 +135,20 @@ in
 ProtectKernelModules = true;
 ProtectKernelTunables = true;
 ProtectProc = "invisible";
- ProtectSystem = "full";
+ # I'll figure it out sometime
+ # ProtectSystem = "full";
 RemoveIPC = true;
 UMask = "0077";
 RestrictNamespaces = true;
 RestrictRealtime = true;
 RestrictSUIDSGID = true;
 SystemCallArchitectures = "native";
- SystemCallFilter = [
- "@system-service"
- "~@privileged"
- "~@resources"
- ];
+ # Something brokey
+ # SystemCallFilter = [
+ # "@system-service"
+ # "~@privileged"
+ # "~@resources"
+ # ];
 };
 };
 })
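Review bot: Commenting out the whole `SystemCallFilter` list drops the `@system-service` allow-list along with the two deny groups, so the unit runs with no seccomp filter at all, and `ProtectSystem` is likewise switched off completely instead of being lowered one step. If only one group or one path is the cause, keeping the baseline as `SystemCallFilter = [ "@system-service" ];` and falling back to `ProtectSystem = true;` would retain most of the protection. Which syscall or write actually fails is not visible in this hunk, so that needs confirming first, for example with `SystemCallLog` or the audit log. The placeholder comments `# I'll figure it out sometime` and `# Something brokey` should instead record the observed failure and the condition for re-enabling, so the relaxation does not become permanent. The serviceConfig attribute set begins above the hunk.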