nixos/esphome: fix bwrap

(cherry picked from commit 9f563e21ac4dfb62ca57ff5b5893e86e497cfd72)
author: Felix Buehler <account@buehler.rocks> 2023-11-28 00:48:30 +0100
committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2023-11-29 18:41:20 +0000
commit: 9e10159781ff61299a984b1fad90b6f002d18b98 (patch)
tree: c171956331d623cea2a23d8d18be72233bb751b9 /nixos/modules
parent: 30e01ee8bd9f7c41d9cc2af860900f26991bd992 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/nixos/modules/services/home-automation/esphome.nix b/nixos/modules/services/home-automation/esphome.nix
index 080c8876382f9..5827c75b52865 100644
--- a/nixos/modules/services/home-automation/esphome.nix
+++ b/nixos/modules/services/home-automation/esphome.nix
@@ -107,10 +107,10 @@ in
         ProtectClock = true;
         ProtectControlGroups = true;
         ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
+        ProtectHostname = false; # breaks bwrap
+        ProtectKernelLogs = false; # breaks bwrap
         ProtectKernelModules = true;
-        ProtectKernelTunables = true;
+        ProtectKernelTunables = false; # breaks bwrap
         ProtectProc = "invisible";
         ProcSubset = "all"; # Using "pid" breaks bwrap
         ProtectSystem = "strict";
author	Felix Buehler <account@buehler.rocks>	2023-11-28 00:48:30 +0100
committer	github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2023-11-29 18:41:20 +0000
commit	9e10159781ff61299a984b1fad90b6f002d18b98 (patch)
tree	c171956331d623cea2a23d8d18be72233bb751b9 /nixos/modules
parent	30e01ee8bd9f7c41d9cc2af860900f26991bd992 (diff)