From 1c662fcce6208d12ae19bab0774eacb82db9637a Mon Sep 17 00:00:00 2001
From: Charlie Root <charlie@charlieroot.dev>
Date: Wed, 16 Apr 2025 22:34:25 +0200
Subject: [PATCH] owncloud/module.nix: unharden

---
 modules/services/owncloud/module.nix | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/modules/services/owncloud/module.nix b/modules/services/owncloud/module.nix
index 2d7974e..0239704 100644
--- a/modules/services/owncloud/module.nix
+++ b/modules/services/owncloud/module.nix
@@ -30,19 +30,19 @@ in {
         # User = "cr";
         # Group = "cr";
 
-        Keyringmode = "shared";
-        DevicePolicy = "closed";
-        PrivateDevices = true;
-        PrivateTmp = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectControlGroup = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
+        #   Keyringmode = "shared";
+        #   DevicePolicy = "closed";
+        #   PrivateDevices = true;
+        #   PrivateTmp = true;
+        #   ProtectClock = true;
+        #   ProtectControlGroups = true;
+        #   ProtectControlGroup = true;
+        #   ProtectKernelLogs = true;
+        #   ProtectKernelModules = true;
+        #   ProtectKernelTunables = true;
 
-        ProtectSystem = "strict";
-        SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
+        #   ProtectSystem = "strict";
+        #   SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
       };
     };
   };