fix: filebot

hosts/fw/modules/pyload/pyload.nix

@@ -1,8 +1,8 @@
-{ pkgs, lib, ... }:
+{ pkgs, ... }:
 {
   environment.systemPackages = with pkgs; [
-    unrar    # Required for RAR archive extraction
-    p7zip    # Required for 7z and other archive formats
+    unrar # Required for RAR archive extraction
+    p7zip # Required for 7z and other archive formats
   ];
 
   services.pyload = {
@@ -16,8 +16,8 @@
   systemd.services.pyload = {
     # Add extraction tools to service PATH
     path = with pkgs; [
-      unrar    # For RAR extraction
-      p7zip    # For 7z extraction
+      unrar # For RAR extraction
+      p7zip # For 7z extraction
     ];
 
     environment = {
@@ -38,7 +38,7 @@
 
       # Enable ExternalScripts plugin for hooks
       PYLOAD__EXTERNALSCRIPTS__ENABLED = "1";
-      PYLOAD__EXTERNALSCRIPTS__UNLOCK = "1";  # Run hooks asynchronously
+      PYLOAD__EXTERNALSCRIPTS__UNLOCK = "1"; # Run hooks asynchronously
     };
 
     # Bind-mount DNS configuration files into the chroot
@@ -50,20 +50,6 @@
         "/etc/ssl"
         "/etc/static/ssl"
       ];
-      # Bind mount multimedia directory as writable for FileBot hook scripts
-      BindPaths = [ "/multimedia" ];
-
-      # Override SystemCallFilter to allow @resources syscalls
-      # FileBot (Java) needs resource management syscalls like setpriority
-      # during cleanup operations. Still block privileged syscalls for security.
-      # Use mkForce to completely replace the NixOS module's default filter.
-      SystemCallFilter = lib.mkForce [
-        "@system-service"
-        "@resources"       # Explicitly allow resource management syscalls
-        "~@privileged"     # Still block privileged operations
-        "fchown"           # Re-allow fchown for FileBot file operations
-        "fchown32"         # 32-bit compatibility
-      ];
     };
   };
 }