28 lines
722 B
Nix
28 lines
722 B
Nix
{ lib, ... }:
|
|
with lib;
|
|
{
|
|
options.systemd.services = mkOption {
|
|
type = types.attrsOf (
|
|
types.submodule {
|
|
config.serviceConfig.ProtectHome = lib.mkDefault true;
|
|
}
|
|
);
|
|
};
|
|
|
|
config.systemd.services = {
|
|
"user-runtime-dir@".serviceConfig.ProtectHome = false;
|
|
"user@".serviceConfig.ProtectHome = false;
|
|
|
|
display-manager.serviceConfig.ProtectHome = "read-only"; # false;
|
|
|
|
systemd-homed.serviceConfig.ProtectHome = false;
|
|
systemd-homed-activate.serviceConfig.ProtectHome = false;
|
|
|
|
dbus-broker.serviceConfig.ProtectHome = "read-only"; # false;
|
|
};
|
|
|
|
# config.systemd.units."service.d/protect-user-home-by-default.conf".text = ''
|
|
# [Service]
|
|
# ProtectHome=yes
|
|
# '';
|
|
}
|