Remove some protections

objectifier-module.nix

@@ -67,13 +67,13 @@ in {
       serviceConfig = {
         PrivateUsers = true;
         PrivateDevices = true;
-        PrivateTmp = true;
-        PrivateMounts = true;
-        ProtectControlGroups = true;
+        # PrivateTmp = true;
+        # PrivateMounts = true;
+        # ProtectControlGroups = true;
         ProtectKernelTunables = true;
         ProtectKernelModules = true;
-        ProtectSystem = true;
-        ProtectHostname = true;
+        # ProtectSystem = true;
+        # ProtectHostname = true;
         ProtectHome = true;
         ProtectClock = true;
         ProtectKernelLogs = true;
@@ -90,7 +90,6 @@ in {
         RestartSec = "5s";
         Type = "simple";
         PIDFile = "/run/objectifier.pid";
-        ReadWritePaths = [ "/run" ];
         ExecStart = let
           bindClause = concatStringsSep " "
             (map (addr: "--bind ${addr}:${toString cfg.port}")