nixos/akkoma: dont disable protectsystem in confinement mode

this works fine since #289593
2025-07-13 21:50:33 +03:00 · 2024-05-25 18:42:22 +01:00 · 2024-05-25 18:42:22 +01:00 · 7952d92b82
commit 7952d92b82
parent a247fc94b4
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/web-apps/akkoma.nix
+++ b/nixos/modules/services/web-apps/akkoma.nix
@ -1072,7 +1072,7 @@ in {
        ProtectProc = "noaccess";
        ProcSubset = "pid";
-        ProtectSystem = mkIf (!isConfined) "strict";
+        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        PrivateDevices = true;