From 43ec75741dd9ed8e3410bc8210163d545b048e09 Mon Sep 17 00:00:00 2001 From: Zuckerberg Date: Sun, 1 Mar 2026 17:54:11 -0800 Subject: [PATCH] Fix memos failing to open SQLite database on ZFS ProtectSystem=strict with ReadWritePaths fails silently on ZFS submounts (/var/lib is a separate dataset), leaving the data dir read-only. Downgrade to ProtectSystem=full which leaves /var writable while still protecting /usr and /boot. --- machines/storage/s0/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/storage/s0/default.nix b/machines/storage/s0/default.nix index 7e7823a..bf06eec 100644 --- a/machines/storage/s0/default.nix +++ b/machines/storage/s0/default.nix @@ -341,6 +341,8 @@ enable = true; settings.MEMOS_PORT = "57643"; }; + # ReadWritePaths doesn't work with ProtectSystem=strict on ZFS submounts (/var/lib is a separate dataset) + systemd.services.memos.serviceConfig.ProtectSystem = lib.mkForce "full"; services.outline = { enable = true;