From cb761dc5d66a50433f3bb3525214f72625454f80 Mon Sep 17 00:00:00 2001
From: Jonas Rabenstein <nonapode@fbs42.ddnss.de>
Date: Tue, 21 Jan 2025 17:37:39 +0100
Subject: [PATCH] module: refine systemd service

---
 flake.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/flake.nix b/flake.nix
index b1db1dc..35b19c1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,14 @@
 
       config.systemd.services.boddle = lib.mkIf config.services.boddle.enable {
         script = lib.getExe pkgs.boddle;
+        confinement.enable = true;
+        unitConfig.conditionPathExists = [
+          "/var/lib/boddle/boddle.toml"
+          "/var/lib/boddle/boddle.db"
+        ];
+        serviceConfig.WorkingDirectory = "/var/lib/boddle";
+        serviceConfig.StateDirectory = "/var/lib/boddle";
+        serviceConfig.DynamicUser = true;
       };
     };