From 3a4e4f6c3db746c872d09b856d2cbcf887148bd9 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Tue, 30 Sep 2025 00:29:35 +0200
Subject: [PATCH] nixos/wyoming/piper: relax ProcSubset to all
The onnxruntime library wants to query cpuinfo, which fails when the proc subset is restricted.
Close: #445723
---
 nixos/modules/services/home-automation/wyoming/piper.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/services/home-automation/wyoming/piper.nix b/nixos/modules/services/home-automation/wyoming/piper.nix
index 39add1192c05..e21b4f881e7f 100644
--- a/nixos/modules/services/home-automation/wyoming/piper.nix
+++ b/nixos/modules/services/home-automation/wyoming/piper.nix
@@ -190,7 +190,7 @@ in
 ProtectKernelTunables = true;
 ProtectControlGroups = true;
 ProtectProc = "invisible";
- ProcSubset = "pid";
+ ProcSubset = "all"; # for onnxruntime, which queries cpuinfo
 RestrictAddressFamilies = [
 "AF_INET"
 "AF_INET6"
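Review bot: The trailing comment on the new `ProcSubset = "all";` line names only cpuinfo, but the setting re-exposes every non-process entry of /proc to the service, not that one file. The context lines show `ProtectProc = "invisible"` and `ProtectKernelTunables = true` are kept, so other users' processes stay hidden and the kernel tunables stay read-only; what is given up is the hiding of system-wide information files. I would record that trade-off next to the setting, for example `# onnxruntime reads /proc/cpuinfo, which "pid" hides; "all" exposes the other non-PID /proc entries too (#445723)`. The enclosing attribute set starts and ends outside the hunk, so the rest of the unit's sandboxing is not visible here.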