From 1573102a8921e5d53dd4b65e2be36923c528158d Mon Sep 17 00:00:00 2001
From: Sarah Brofeldt <sarah@qtr.dk>
Date: Mon, 2 Dec 2019 20:22:50 +0100
Subject: [PATCH] nixos/gitea: Fix startup

---
 nixos/modules/services/misc/gitea.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
index b6f4d88adbef..509a080ef017 100644
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -396,9 +396,7 @@ in
         Restart = "always";
 
         # Filesystem
-        ProtectSystem = "strict";
         ProtectHome = true;
-        PrivateTmp = true;
         PrivateDevices = true;
         ProtectKernelTunables = true;
         ProtectKernelModules = true;
@@ -413,7 +411,7 @@ in
         PrivateMounts = true;
         PrivateUsers = true;
         MemoryDenyWriteExecute = true;
-        SystemCallFilter = "~@chown @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap";
+        SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @resources @setuid @swap";
         SystemCallArchitectures = "native";
         RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
       };