immich: works with mounts

This commit is contained in:
Motiejus Jakštys 2024-09-29 22:40:53 +03:00
parent 34ad013b10
commit 4ca6a90975

View File

@ -61,15 +61,8 @@ in
) cfg.bindPaths; ) cfg.bindPaths;
PrivateDevices = lib.mkForce false; # /dev/fuse PrivateDevices = lib.mkForce false; # /dev/fuse
CapabilityBoundingSet = lib.mkForce "CAP_SYS_ADMIN | CAP_SETUID | CAP_SETGID"; CapabilityBoundingSet = lib.mkForce "CAP_SYS_ADMIN | CAP_SETUID | CAP_SETGID";
# testing
ExecStart = lib.mkForce ("!" + (lib.getExe startScript)); ExecStart = lib.mkForce ("!" + (lib.getExe startScript));
NoNewPrivileges = lib.mkForce false; PrivateUsers = lib.mkForce false; # bindfs fails otherwise
PrivateUsers = lib.mkForce false;
PrivateTmp = lib.mkForce false;
PrivateMounts = lib.mkForce false;
ProtectClock = lib.mkForce false;
ProtectControlGroups = lib.mkForce false;
}; };
}; };