Relaxing seccomp even more

flake.nix

@@ -33,7 +33,6 @@
 
           nix-bitcoin.generateSecrets = true;
 
-          # Enable core services
           services.bitcoind = {
             enable = true;
             dataDir = "/var/lib/bitcoind";
@@ -81,13 +80,11 @@
           systemd.services.btcpayserver.serviceConfig = {
             SystemCallFilter = [];
             PrivateMounts = false;
-            ProtectSystem = false;
+            ProtectSystem = lib.mkForce false; # Overrides nix-bitcoin's "strict" value
           };
 
-          # Container mode (required for your Proxmox LXC)
           boot.isContainer = true;
 
-          # Firewall: Open necessary ports
           networking.firewall.allowedTCPPorts = [
             config.services.btcpayserver.port
             config.services.bitcoind.port
@@ -95,7 +92,6 @@
             22
           ];
 
-          # SSH setup
           services.openssh = {
             enable = true;
             settings = {
@@ -103,20 +99,19 @@
               PasswordAuthentication = false;
             };
           };
+
           users.users.root.openssh.authorizedKeys.keys = [
             "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
             "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
             "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
           ];
 
-          # Suppress unnecessary units
           systemd.suppressedSystemUnits = [
             "dev-mqueue.mount"
             "sys-kernel-debug.mount"
             "sys-fs-fuse-connections.mount"
           ];
 
-          # State version
           system.stateVersion = "25.05";
         })
       ];