nixos/vdirsyncer: only use ProtectHome=yes with DynamicUser=yes

If a user is given it seems likely that their home directory is accessed.

nixos/modules/services/networking/vdirsyncer.nix

@@ -45,6 +45,7 @@ let
       }
       // (optionalAttrs (cfg'.user == null) {
         DynamicUser = true;
+        ProtectHome = true;
       })
       // (optionalAttrs (cfg'.additionalGroups != [ ]) {
         SupplementaryGroups = cfg'.additionalGroups;
@@ -63,7 +64,6 @@ let
       PrivateTmp = true;
       NoNewPrivileges = true;
       ProtectSystem = "strict";
-      ProtectHome = true;
       ProtectKernelTunables = true;
       ProtectKernelModules = true;
       ProtectControlGroups = true;

nixos/tests/vdirsyncer.nix

@@ -217,13 +217,6 @@ import ./make-test-python.nix (
           };
         };
 
-        # ProtectHome is the default, but we must access our storage
-        # in ~.
-        systemd.services = {
-          "vdirsyncer@alice".serviceConfig.ProtectHome = lib.mkForce false;
-          "vdirsyncer@bob".serviceConfig.ProtectHome = lib.mkForce false;
-        };
-
         users.users = {
           alice.isNormalUser = true;
           bob.isNormalUser = true;