From 630ba137433bd7238f29ac153f69e09940da3cf3 Mon Sep 17 00:00:00 2001
From: alisceon <alisceon@protonmail.com>
Date: Mon, 29 Sep 2025 18:10:56 +0200
Subject: [PATCH] inconcievable

---
 hosts/tesla-nixos/configuration.nix | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/hosts/tesla-nixos/configuration.nix b/hosts/tesla-nixos/configuration.nix
index 3b548f6..aa3be1d 100644
--- a/hosts/tesla-nixos/configuration.nix
+++ b/hosts/tesla-nixos/configuration.nix
@@ -50,14 +50,6 @@
         hostPath = "/var/lib/gitlab-runner";
         isReadOnly = false;
       };
-      "/var/lib/gitlab-runner/builds" = {
-        hostPath = "/var/lib/gitlab-runner/builds";
-        isReadOnly = false;
-      };
-      "/var/lib/gitlab-runner/cache" = {
-        hostPath = "/var/lib/gitlab-runner/cache";
-        isReadOnly = false;
-      };
     };
 
     # Guest (inside the nspawn container)
@@ -103,7 +95,10 @@
         StateDirectory = lib.mkForce "";
         LogsDirectory  = lib.mkForce "";
         CacheDirectory = lib.mkForce "";
-        RuntimeDirectory = lib.mkForce "";  # optional, keeps things simple
+        RuntimeDirectory = lib.mkForce "";
+        ProtectSystem = lib.mkForce "no";
+        ProtectHome   = lib.mkForce "no";
+        ReadWritePaths = [ "/var/lib/gitlab-runner" ];
       };
       # Basics
       systemd.oomd.enable = false;