From a74faa6bada7f4596ba17cce57647dfd58abf5a2 Mon Sep 17 00:00:00 2001
From: Illia Chub <mail@ilchub.net>
Date: Mon, 26 Jul 2021 11:34:51 +0300
Subject: [PATCH] Fixed path for the SelfPrivacy API service

---
 nixos-infect | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
 mode change 100755 => 100644 nixos-infect

diff --git a/nixos-infect b/nixos-infect
old mode 100755
new mode 100644
index d5d8de0..bbef1bb
--- a/nixos-infect
+++ b/nixos-infect
@@ -207,6 +207,7 @@ EOF
   users.users = {
     virtualMail = {
       isNormalUser = false;
+      isSystemUser = true;
     };
   };
 
@@ -648,6 +649,7 @@ cat > /etc/nixos/api/api.nix << EOF
 
   users.users."selfprivacy-api" = {
     isNormalUser = false;
+    isSystemUser = true;
     extraGroups = [ "opendkim" ];
   };
   users.groups."selfprivacy-api" = {
@@ -712,18 +714,11 @@ in
       environment = {
         PYTHONUNBUFFERED = "1";
       };
-      path = [ "/var/" "/var/dkim/" ];
+      path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal pkgs.config.nix.package.out ];
       after = [ "network-online.target" ];
       wantedBy = [ "network-online.target" ];
       serviceConfig = {
         User = "root";
-        PrivateDevices = "true";
-        ProtectKernelTunables = "true";
-        ProtectKernelModules = "true";
-        LockPersonality = "true";
-        RestrictRealtime = "true";
-        SystemCallFilter = "@system-service @network-io @signal";
-        SystemCallErrorNumber = "EPERM";
         ExecStart = "\${selfprivacy-api}/bin/main.py";
         Restart = "always";
         RestartSec = "5";