From 5a7269f55d5604f6795f8bcc3daed982a3775fe4 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Wed, 5 Nov 2025 09:27:37 +0900
Subject: [PATCH] common/irqbalance: apply chroot

---
 hosts/common/services/irqbalance.nix | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/hosts/common/services/irqbalance.nix b/hosts/common/services/irqbalance.nix
index 078e569..807369a 100644
--- a/hosts/common/services/irqbalance.nix
+++ b/hosts/common/services/irqbalance.nix
@@ -1,4 +1,21 @@
-{ ... }:
+{ config, lib, ... }:
+let
+  cfg = config.services.irqbalance;
+in
 {
   services.irqbalance.enable = true;
-}
\ No newline at end of file
+
+  systemd.services.irqbalance.serviceConfig = lib.mkIf cfg.enable {
+    RuntimeDirectory = [
+      "irqbalance"
+      "irqbalance/root-mnt"
+    ];
+
+    RootDirectory = "/run/irqbalance/root-mnt";
+    BindReadOnlyPaths = [
+      builtins.storeDir
+    ];
+    # NoExecPaths = "/";
+    # ExecPaths = lib.getExe cfg.package;
+  };
+}