From a4426c50b95051543257adc5e3bf063cbd7cc217 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Thu, 12 Mar 2026 20:20:07 +0100
Subject: [PATCH] media1: override ProtectHome for promtail to read kodi logs

The NixOS promtail module sets ProtectHome=true which blocks access
to /home entirely. Override to read-only so promtail can tail
/home/kodi/.kodi/temp/kodi.log.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 hosts/media1/media-desktop.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts/media1/media-desktop.nix b/hosts/media1/media-desktop.nix
index d76b764..cd71bf6 100644
--- a/hosts/media1/media-desktop.nix
+++ b/hosts/media1/media-desktop.nix
@@ -102,6 +102,7 @@ in
 
   # Allow promtail to read kodi logs
   users.users.promtail.extraGroups = [ "kodi" ];
+  systemd.services.promtail.serviceConfig.ProtectHome = lib.mkForce "read-only";
 
   # Packages available on the system
   environment.systemPackages = [