diff options
author | Alyssa Ross <hi@alyssa.is> | 2023-06-05 18:21:46 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2023-06-20 17:19:09 +0000 |
commit | eafa1fd10d709fb2e5b85865cb475f1c074c33f8 (patch) | |
tree | 8a1ecc7bfee2311040a10c0b40649e52a65b120b /nixos/modules/services | |
parent | 03216e705c057b73761162db9198bb30e9d60932 (diff) |
nixos/public-inbox: set ProtectHome=tmpfs
This fixes using coderepos in /home, by allowing the coderepo paths to be bind mounted into an otherwise empty /home tmpfs. Since this was the usecase for making ProtectHome= overrideable, we don't need the mkDefault any more.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/mail/public-inbox.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/public-inbox.nix b/nixos/modules/services/mail/public-inbox.nix index 9aa38c4c1c827..4944d46fbd736 100644 --- a/nixos/modules/services/mail/public-inbox.nix +++ b/nixos/modules/services/mail/public-inbox.nix @@ -89,7 +89,7 @@ let PrivateNetwork = mkDefault (!needNetwork); ProcSubset = "pid"; ProtectClock = true; - ProtectHome = mkDefault true; + ProtectHome = "tmpfs"; ProtectHostname = true; ProtectKernelLogs = true; ProtectProc = "invisible"; |