Try removing some of the restrictions
This commit is contained in:
parent
c5f2a7cdde
commit
917f2e5a93
25
module.nix
25
module.nix
@ -62,25 +62,24 @@ in {
|
||||
environment = {
|
||||
PRICEBOT_EXCHANGE_HOST = cfg.exchange-host;
|
||||
PRICEBOT_BEBOT_URL = cfg.mattermost-url;
|
||||
# PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "%d/auth.token";
|
||||
PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "%d/auth.token";
|
||||
PRICEBOT_BEBOT_CHANNEL_ID = opts.mattermost-channel-id;
|
||||
PRICEBOT_TARGET_CURRENCY = opts.currency;
|
||||
PRICEBOT_NOTIFY_USER = opts.notify-user;
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart =
|
||||
"${pricebot}/bin/pricebot \${CREDENTIALS_DIRECTORY}/auth.token";
|
||||
ExecStart = "${pricebot}/bin/pricebot";
|
||||
DynamicUser = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectControlGroups = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectHostname = true;
|
||||
ProtectHome = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelLogs = true;
|
||||
# PrivateTmp = true;
|
||||
# PrivateDevices = true;
|
||||
# ProtectSystem = "strict";
|
||||
# ProtectControlGroups = true;
|
||||
# ProtectKernelTunables = true;
|
||||
# ProtectKernelModules = true;
|
||||
# ProtectHostname = true;
|
||||
# ProtectHome = true;
|
||||
# ProtectClock = true;
|
||||
# ProtectKernelLogs = true;
|
||||
Restart = "always";
|
||||
StandardOutput = "journal";
|
||||
};
|
||||
|
Loading…
x
Reference in New Issue
Block a user