Try removing some of the restrictions

2022-06-19 16:55:46 -07:00 · 2022-06-19 16:55:46 -07:00 · 917f2e5a93
commit 917f2e5a93
parent c5f2a7cdde
1 changed files with 12 additions and 13 deletions
--- a/module.nix
+++ b/module.nix
@ -62,25 +62,24 @@ in {
        environment = {
          PRICEBOT_EXCHANGE_HOST = cfg.exchange-host;
          PRICEBOT_BEBOT_URL = cfg.mattermost-url;
-          # PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "%d/auth.token";
+          PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "%d/auth.token";
          PRICEBOT_BEBOT_CHANNEL_ID = opts.mattermost-channel-id;
          PRICEBOT_TARGET_CURRENCY = opts.currency;
          PRICEBOT_NOTIFY_USER = opts.notify-user;
        };
        serviceConfig = {
-          ExecStart =
-            "${pricebot}/bin/pricebot \${CREDENTIALS_DIRECTORY}/auth.token";
+          ExecStart = "${pricebot}/bin/pricebot";
          DynamicUser = true;
-          PrivateTmp = true;
-          PrivateDevices = true;
-          ProtectSystem = "strict";
-          ProtectControlGroups = true;
-          ProtectKernelTunables = true;
-          ProtectKernelModules = true;
-          ProtectHostname = true;
-          ProtectHome = true;
-          ProtectClock = true;
-          ProtectKernelLogs = true;
+          # PrivateTmp = true;
+          # PrivateDevices = true;
+          # ProtectSystem = "strict";
+          # ProtectControlGroups = true;
+          # ProtectKernelTunables = true;
+          # ProtectKernelModules = true;
+          # ProtectHostname = true;
+          # ProtectHome = true;
+          # ProtectClock = true;
+          # ProtectKernelLogs = true;
          Restart = "always";
          StandardOutput = "journal";
        };