update to 24.05

hosts/profiles/gonic/module-gonic.nix

@@ -68,14 +68,10 @@ in
         Group = cfg.group;
         DevicePolicy = "closed";
         NoNewPrivileges = " yes";
-        PrivateTmp = "yes";
-        PrivateUsers = "yes";
         ProtectControlGroups = "yes";
         ProtectKernelModules = "yes";
         ProtectKernelTunables = "yes";
         RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
-        RestrictNamespaces = "yes";
-        RestrictRealtime = "yes";
         SystemCallFilter = "~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap";
         ReadWritePaths = dataFolder;
         StateDirectory = baseNameOf dataFolder;