From bf6716375a939c3eabaa35c4e40583e75988b301 Mon Sep 17 00:00:00 2001
From: sylyx <local@aitrader>
Date: Thu, 7 May 2026 14:36:46 +0200
Subject: [PATCH] fix(systemd): disable ProtectHome (uv stores python in user
 home)

---
 deploy/systemd/aitrader-dashboard.service | 2 +-
 deploy/systemd/aitrader.service           | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/deploy/systemd/aitrader-dashboard.service b/deploy/systemd/aitrader-dashboard.service
index eb1adc8..2657a8b 100644
--- a/deploy/systemd/aitrader-dashboard.service
+++ b/deploy/systemd/aitrader-dashboard.service
@@ -23,7 +23,7 @@ StandardError=journal
 
 NoNewPrivileges=true
 ProtectSystem=strict
-ProtectHome=true
+ProtectHome=false
 ReadWritePaths=/opt/aitrader/data
 PrivateTmp=true
 
diff --git a/deploy/systemd/aitrader.service b/deploy/systemd/aitrader.service
index 442db33..c22d46c 100644
--- a/deploy/systemd/aitrader.service
+++ b/deploy/systemd/aitrader.service
@@ -18,7 +18,8 @@ StandardError=journal
 # Hardening
 NoNewPrivileges=true
 ProtectSystem=strict
-ProtectHome=true
+# ProtectHome=false weil uv den Python-Interpreter in /home/aitrader/.local/share/uv ablegt
+ProtectHome=false
 ReadWritePaths=/opt/aitrader/data
 PrivateTmp=true
 ProtectKernelTunables=true