mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-07-13 21:50:33 +03:00
nixos/public-inbox: set ProtectHome=tmpfs
This fixes using coderepos in /home, by allowing the coderepo paths to be bind mounted into an otherwise empty /home tmpfs. Since this was the usecase for making ProtectHome= overrideable, we don't need the mkDefault any more.
This commit is contained in:
parent
03216e705c
commit
eafa1fd10d
1 changed files with 1 additions and 1 deletions
|
@ -89,7 +89,7 @@ let
|
|||
PrivateNetwork = mkDefault (!needNetwork);
|
||||
ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
ProtectHome = mkDefault true;
|
||||
ProtectHome = "tmpfs";
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectProc = "invisible";
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue