From 917f2e5a932ebce0abad8e32c322a67f8008c6bf Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Sun, 19 Jun 2022 16:55:46 -0700
Subject: [PATCH] Try removing some of the restrictions

---
 module.nix | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/module.nix b/module.nix
index 93d5a30..54ebd80 100644
--- a/module.nix
+++ b/module.nix
@@ -62,25 +62,24 @@ in {
         environment = {
           PRICEBOT_EXCHANGE_HOST = cfg.exchange-host;
           PRICEBOT_BEBOT_URL = cfg.mattermost-url;
-          # PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "%d/auth.token";
+          PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "%d/auth.token";
           PRICEBOT_BEBOT_CHANNEL_ID = opts.mattermost-channel-id;
           PRICEBOT_TARGET_CURRENCY = opts.currency;
           PRICEBOT_NOTIFY_USER = opts.notify-user;
         };
         serviceConfig = {
-          ExecStart =
-            "${pricebot}/bin/pricebot \${CREDENTIALS_DIRECTORY}/auth.token";
+          ExecStart = "${pricebot}/bin/pricebot";
           DynamicUser = true;
-          PrivateTmp = true;
-          PrivateDevices = true;
-          ProtectSystem = "strict";
-          ProtectControlGroups = true;
-          ProtectKernelTunables = true;
-          ProtectKernelModules = true;
-          ProtectHostname = true;
-          ProtectHome = true;
-          ProtectClock = true;
-          ProtectKernelLogs = true;
+          # PrivateTmp = true;
+          # PrivateDevices = true;
+          # ProtectSystem = "strict";
+          # ProtectControlGroups = true;
+          # ProtectKernelTunables = true;
+          # ProtectKernelModules = true;
+          # ProtectHostname = true;
+          # ProtectHome = true;
+          # ProtectClock = true;
+          # ProtectKernelLogs = true;
           Restart = "always";
           StandardOutput = "journal";
         };