Commit eafa1fd1 authored by Alyssa Ross's avatar Alyssa Ross
Browse files

nixos/public-inbox: set ProtectHome=tmpfs 

This fixes using coderepos in /home, by allowing the coderepo paths to
be bind mounted into an otherwise empty /home tmpfs.  Since this was
the usecase for making ProtectHome= overrideable, we don't need the
mkDefault any more.
parent 03216e70

nixos/modules/services/mail/public-inbox.nix

+1 −1
Original line number Diff line number Diff line
@@ -89,7 +89,7 @@ let 
      PrivateNetwork = mkDefault (!needNetwork);

      ProcSubset = "pid";

      ProtectClock = true;

      ProtectHome = mkDefault true;

      ProtectHome = "tmpfs";

      ProtectHostname = true;

      ProtectKernelLogs = true;

      ProtectProc = "invisible";