From f1fe3e65111c43ca66938bb7fc5a8a0c99f273fa Mon Sep 17 00:00:00 2001
From: Kyren223 <kyren223@proton.me>
Date: Sun, 3 Aug 2025 19:04:35 +0300
Subject: [PATCH] Disabled hardening in grafana

---
 nixosModules/eko.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nixosModules/eko.nix b/nixosModules/eko.nix
index 4d5086a..80897a1 100644
--- a/nixosModules/eko.nix
+++ b/nixosModules/eko.nix
@@ -28,6 +28,14 @@
     # Allow grafana access to the sqlite db
     users.users.eko.group = lib.mkForce "grafana";
     systemd.services.eko.serviceConfig.StateDirectoryMode = lib.mkForce "0750";
+    systemd.services.grafana = {
+      serviceConfig = {
+        ProtectHome = lib.mkForce false;
+        ProtectSystem = lib.mkForce false;
+        PrivateTmp = lib.mkForce false;
+        ReadWritePaths = [ "/var/lib/eko" ];
+      };
+    };
 
     # Make sure acme module is active for the "kyren.codes" ssl cert
     acme.enable = true;