tsuki/plex: remove security hardening, included in nixos 24.05

This commit is contained in:
Oystein Kristoffer Tveit 2024-06-10 00:45:19 +02:00
parent 3a81abb683
commit 53c6c32fb8
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146

View File

@ -5,27 +5,4 @@ in {
enable = true;
openFirewall = true;
};
systemd.services.plex.serviceConfig = {
ReadWritePaths = [ cfg.dataDir ];
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
PrivateMounts = true;
RestrictSUIDSGID = true;
ProtectHostname = true;
LockPersonality = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
ProtectProc = true;
ProtectHome = true;
# PrivateNetwork = true;
PrivateUsers = true;
PrivateTmp = true;
UMask = "0007";
# RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native";
};
}