nixos/pretix: Fix pdf generation

Previously, pdftk (part of the ticket, badge, ... generation pipeline)
would fail with:

```
Error occurred during initialization of VM
Failed to mark memory page as executable - check if grsecurity/PaX is enabled
```
Thise caused pdf generation to fail.

Since pdftk is a java application and, according to systemd.exec(5),

 > Note that [MemoryDenyWriteExecute=] is incompatible with programs and
 > libraries that generate program code dynamically at runtime, including
 > JIT execution engines, executable stacks, and code "trampoline" featu
 > re of various C compilers.

Disabling `MemoryDenyWriteExecute=` fixes it.

1 files changed, 1 insertions, 1 deletions

diff --git a/nixos/modules/services/web-apps/pretix.nix b/nixos/modules/services/web-apps/pretix.nix
index 500b2eb5416b..18d4a20beeec 100644
--- a/nixos/modules/services/web-apps/pretix.nix
+++ b/nixos/modules/services/web-apps/pretix.nix
@@ -479,7 +479,7 @@ in
           CapabilityBoundingSet = [ "" ];
           DevicePolicy = "closed";
           LockPersonality = true;
-          MemoryDenyWriteExecute = true;
+          MemoryDenyWriteExecute = false; # required by pdftk
           NoNewPrivileges = true;
           PrivateDevices = true;
           PrivateTmp = true;