From e1db88eb9b99a14dfe51e665819abfbd25cfe589 Mon Sep 17 00:00:00 2001
From: oufmilo <44617467+oufmilo@users.noreply.github.com>
Date: Fri, 9 Feb 2024 18:42:00 +0100
Subject: [PATCH] Test

---
 conf/systemd.service | 38 --------------------------------------
 scripts/backup | 6 ------
 scripts/restore | 1 -
 3 files changed, 45 deletions(-)

diff --git a/conf/systemd.service b/conf/systemd.service
index 18a7ba1..3309e3c 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -11,43 +11,5 @@ ExecStart=__INSTALL_DIR__/mautrix-discord -c __INSTALL_DIR__/config.yaml
 Restart=always
 RestartSec=3
 
-# Optional hardening to improve security
-ReadWritePaths=__INSTALL_DIR__/ /var/log/__APP__
-NoNewPrivileges=yes
-MemoryDenyWriteExecute=true
-PrivateDevices=yes
-PrivateTmp=yes
-ProtectHome=yes
-ProtectSystem=strict
-ProtectControlGroups=true
-RestrictNamespaces=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-ProtectProc=invisible
-DevicePolicy=closed
-RestrictSUIDSGID=true
-RestrictRealtime=true
-LockPersonality=true
-ProtectKernelLogs=true
-ProtectKernelTunables=true
-ProtectHostname=true
-ProtectKernelModules=true
-PrivateUsers=true
-ProtectClock=true
-SystemCallArchitectures=native
-SystemCallErrorNumber=EPERM
-SystemCallFilter=@system-service
-
-# Denying access to capabilities that should not be relevant for webapps
-# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
-CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
-CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
-CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
-CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
-CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
-CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
-CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
-CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
-CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
-
 [Install]
 WantedBy=multi-user.target
\ No newline at end of file
diff --git a/scripts/backup b/scripts/backup
index 9b49b33..251bb1b 100755
--- a/scripts/backup
+++ b/scripts/backup
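Review bot: The conf/systemd.service hunk removes every sandboxing directive and the whole `CapabilityBoundingSet=~…` list, so after this change the unit shown here has only `Restart=always` and `RestartSec=3` before `[Install]` and the bridge runs with none of that confinement. If a single directive was preventing the service from starting, drop only that one and keep the rest, at minimum `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=__INSTALL_DIR__/ /var/log/__APP__`; `systemd-analyze security` on the installed unit shows the exposure before and after. The subject line "Test" suggests this is a debugging step, in which case the directive that caused the failure should be named in a comment, for example `# MemoryDenyWriteExecute disabled: <reason>`, rather than deleting the block. The `[Service]` section begins above the hunk, so whether `User=` or other restrictions remain is not visible here.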
@@ -35,12 +35,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
 
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 
-#=================================================
-# BACKUP CONFIG FILE
-#=================================================
-
-ynh_backup --src_path="$install_dir/mautrix-discord"
-
 #=================================================
 # BACKUP THE POSTGRESQL DATABASE
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index c64b188..1291891 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -57,7 +57,6 @@ systemctl enable $app.service --quiet
 yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log"
 
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
-ynh_restore_file --origin_path="$install_dir/mautrix-discord"
 
 #=================================================
 # GENERIC FINALIZATION