From eafa1fd10d709fb2e5b85865cb475f1c074c33f8 Mon Sep 17 00:00:00 2001
From: Alyssa Ross
Date: Mon, 5 Jun 2023 18:21:46 +0000
Subject: [PATCH] nixos/public-inbox: set ProtectHome=tmpfs

This fixes using coderepos in /home, by allowing the coderepo paths to be bind mounted into an otherwise empty /home tmpfs. Since this was the usecase for making ProtectHome= overrideable, we don't need the mkDefault any more.
---
 nixos/modules/services/mail/public-inbox.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/mail/public-inbox.nix b/nixos/modules/services/mail/public-inbox.nix
index 9aa38c4c1c82..4944d46fbd73 100644
--- a/nixos/modules/services/mail/public-inbox.nix
+++ b/nixos/modules/services/mail/public-inbox.nix
@@ -89,7 +89,7 @@ let
 PrivateNetwork = mkDefault (!needNetwork);
 ProcSubset = "pid";
 ProtectClock = true;
- ProtectHome = mkDefault true;
+ ProtectHome = "tmpfs";
 ProtectHostname = true;
 ProtectKernelLogs = true;
 ProtectProc = "invisible";
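Review bot: The new `ProtectHome = "tmpfs";` line has no comment saying why it is not `true`, and the isolation it gives now depends on bind mounts this hunk does not show. I would add `# "tmpfs" rather than true: coderepo paths under /home are bind-mounted in, the rest of /home stays hidden` above it. It is also worth confirming that the coderepo paths are attached with `BindReadOnlyPaths` rather than `BindPaths`, so the service cannot write to repositories in a user's home. Dropping `mkDefault` presumably means a configuration that already sets a different `ProtectHome` value for these units now hits a conflicting-definition error unless it uses `mkForce`, so a release-note line would help. The enclosing attribute set starts and ends outside the hunk.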