diff --git a/hosts/tesla-nixos/configuration.nix b/hosts/tesla-nixos/configuration.nix
index 3b548f6..aa3be1d 100644
--- a/hosts/tesla-nixos/configuration.nix
+++ b/hosts/tesla-nixos/configuration.nix
@@ -50,14 +50,6 @@
         hostPath = "/var/lib/gitlab-runner";
         isReadOnly = false;
       };
-      "/var/lib/gitlab-runner/builds" = {
-        hostPath = "/var/lib/gitlab-runner/builds";
-        isReadOnly = false;
-      };
-      "/var/lib/gitlab-runner/cache" = {
-        hostPath = "/var/lib/gitlab-runner/cache";
-        isReadOnly = false;
-      };
     };
 
     # Guest (inside the nspawn container)
@@ -103,7 +95,10 @@
         StateDirectory = lib.mkForce "";
         LogsDirectory  = lib.mkForce "";
         CacheDirectory = lib.mkForce "";
-        RuntimeDirectory = lib.mkForce "";  # optional, keeps things simple
+        RuntimeDirectory = lib.mkForce "";
+        ProtectSystem = lib.mkForce "no";
+        ProtectHome   = lib.mkForce "no";
+        ReadWritePaths = [ "/var/lib/gitlab-runner" ];
       };
       # Basics
       systemd.oomd.enable = false;