diff options
| author | Alyssa Ross <hi@alyssa.is> | 2023-06-05 18:21:46 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-06-20 17:19:09 +0000 |
| commit | eafa1fd10d709fb2e5b85865cb475f1c074c33f8 (patch) | |
| tree | 8a1ecc7bfee2311040a10c0b40649e52a65b120b /nixos | |
| parent | 03216e705c057b73761162db9198bb30e9d60932 (diff) | |
| download | nixpkgs-eafa1fd10d709fb2e5b85865cb475f1c074c33f8.tar nixpkgs-eafa1fd10d709fb2e5b85865cb475f1c074c33f8.tar.gz nixpkgs-eafa1fd10d709fb2e5b85865cb475f1c074c33f8.tar.bz2 nixpkgs-eafa1fd10d709fb2e5b85865cb475f1c074c33f8.tar.lz nixpkgs-eafa1fd10d709fb2e5b85865cb475f1c074c33f8.tar.xz nixpkgs-eafa1fd10d709fb2e5b85865cb475f1c074c33f8.tar.zst nixpkgs-eafa1fd10d709fb2e5b85865cb475f1c074c33f8.zip | |
nixos/public-inbox: set ProtectHome=tmpfs
This fixes using coderepos in /home, by allowing the coderepo paths to be bind mounted into an otherwise empty /home tmpfs. Since this was the usecase for making ProtectHome= overrideable, we don't need the mkDefault any more.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/mail/public-inbox.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/public-inbox.nix b/nixos/modules/services/mail/public-inbox.nix index 9aa38c4c1c8..4944d46fbd7 100644 --- a/nixos/modules/services/mail/public-inbox.nix +++ b/nixos/modules/services/mail/public-inbox.nix @@ -89,7 +89,7 @@ let PrivateNetwork = mkDefault (!needNetwork); ProcSubset = "pid"; ProtectClock = true; - ProtectHome = mkDefault true; + ProtectHome = "tmpfs"; ProtectHostname = true; ProtectKernelLogs = true; ProtectProc = "invisible"; |