# systemd-nspawn settings file for a Kodi container (format: systemd.nspawn(5)).
# Security posture: user namespacing is off, all capabilities are granted and
# the syscall filter allows every known syscall, so this container is a
# packaging boundary rather than a security boundary. Treat code running
# inside it as having host-root-equivalent reach.

[Exec]
# User namespacing disabled: UID 0 in the container is UID 0 on the host.
PrivateUsers=no
# Grants every capability to the container.
# NOTE(review): which capabilities Kodi actually needs is not visible here;
# an explicit list instead of "all" would shrink the blast radius. Confirm by testing.
Capability=all
# Adds these syscall groups to nspawn's allow list. @known covers every syscall
# known to the installed systemd version, which makes the other groups redundant
# and leaves the filter blocking almost nothing. @raw-io covers raw I/O port access.
# NOTE(review): check whether @known is really required, or whether the
# narrower groups are enough.
SystemCallFilter=@default @raw-io @system-service @known

[Files]
# Binds the host Kodi home folder into the container (read-write).
Bind=/var/lib/kodi

# Media directories (read-write).
# NOTE(review): use BindReadOnly= for any of these that the container only
# needs to read; confirm which ones are written to.
Bind=/mnt/fook/Movies
Bind=/mnt/fook/Series
Bind=/mnt/fook/games
Bind=/mnt/fook/usenet
Bind=/mnt/fook/torrents

# Device access.
# A read-only bind mount stops changes to the directory or node itself, but it
# does not stop I/O on the device nodes, so BindReadOnly= here does not make
# the GPU, USB or input devices read-only.
# Binding a node is also not sufficient on its own: the device policy
# (DeviceAllow=) of the unit that starts the container must permit it as well.
# That unit is not part of this file.
Bind=/dev/tty0
Bind=/dev/tty1
BindReadOnly=/dev/bus/usb
BindReadOnly=/dev/dri
BindReadOnly=/dev/input
BindReadOnly=/dev/lirc0
BindReadOnly=/dev/vga_arbiter
# Host kernel modules tree, read-only.
BindReadOnly=/lib/modules

# PulseAudio must be started in system mode with the following module and option:
#   load-module module-native-protocol auth-authorize-anonymous
# NOTE(review): the stock PulseAudio spelling is presumably
# "module-native-protocol-unix auth-anonymous=1"; confirm against the host's
# system.pa. Anonymous auth lets any process that can reach the socket under
# /run/pulse use the daemon without a cookie, so keep that directory's exposure
# limited to this container.
BindReadOnly=/run/pulse