tsuki/plex: remove security hardening, included in nixos 24.05

2024-06-10 00:45:19 +02:00 · 2024-06-10 00:45:19 +02:00 · 53c6c32fb8
parent 3a81abb683
commit 53c6c32fb8
1 changed files with 0 additions and 23 deletions
--- a/hosts/tsuki/services/plex.nix
+++ b/hosts/tsuki/services/plex.nix
@ -5,27 +5,4 @@ in {
    enable = true;
    openFirewall = true;
  };
-
-  systemd.services.plex.serviceConfig = {
-    ReadWritePaths = [ cfg.dataDir ];
-    NoNewPrivileges = true;
-    PrivateDevices = true;
-    ProtectClock = true;
-    ProtectKernelLogs = true;
-    ProtectKernelModules = true;
-    PrivateMounts = true;
-    RestrictSUIDSGID = true;
-    ProtectHostname = true;
-    LockPersonality = true;
-    ProtectKernelTunables = true;
-    ProtectSystem = "strict";
-    ProtectProc = true;
-    ProtectHome = true;
-    # PrivateNetwork = true;
-    PrivateUsers = true;
-    PrivateTmp = true;
-    UMask = "0007";
-    # RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
-    SystemCallArchitectures = "native";
-  };
 }