nixos/public-inbox: set ProtectHome=tmpfs

This fixes using coderepos in /home, by allowing the coderepo paths to
be bind mounted into an otherwise empty /home tmpfs.  Since this was
the usecase for making ProtectHome= overrideable, we don't need the
mkDefault any more.
This commit is contained in:
Alyssa Ross 2023-06-05 18:21:46 +00:00
parent 03216e705c
commit eafa1fd10d

View File

@ -89,7 +89,7 @@ let
PrivateNetwork = mkDefault (!needNetwork);
ProcSubset = "pid";
ProtectClock = true;
ProtectHome = mkDefault true;
ProtectHome = "tmpfs";
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectProc = "invisible";