diff --git a/internal/restic/runner.go b/internal/restic/runner.go
index 7e40e7f..1455169 100644
--- a/internal/restic/runner.go
+++ b/internal/restic/runner.go
@@ -10,7 +10,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"os"
 	"os/exec"
 	"strings"
 	"time"
@@ -229,18 +228,21 @@ func pumpPlain(r io.Reader, stream string, handle LineHandler) error {
 // HOME / XDG_CACHE_HOME are set explicitly because restic insists
 // on one or the other for its cache dir; without it the command
 // fails before ever talking to the repo.
+//
+// Default to /var/lib/restic-manager — that's in the systemd unit's
+// ReadWritePaths and survives ProtectHome=read-only. We do NOT fall
+// back to the parent's HOME env var: the agent runs as root with
+// HOME=/root, but ProtectHome makes /root read-only, so restic's
+// `mkdir /root/.cache/restic` fails. ExtraEnv overrides win for
+// callers that explicitly want a different cache location.
 func (e Env) envSlice() []string {
 	home := "/var/lib/restic-manager"
 	if h, ok := e.ExtraEnv["HOME"]; ok && h != "" {
 		home = h
-	} else if h := os.Getenv("HOME"); h != "" {
-		home = h
 	}
 	xdg := home + "/.cache"
 	if x, ok := e.ExtraEnv["XDG_CACHE_HOME"]; ok && x != "" {
 		xdg = x
-	} else if x := os.Getenv("XDG_CACHE_HOME"); x != "" {
-		xdg = x
 	}
 	out := []string{
 		"RESTIC_REPOSITORY=" + mergeRestCreds(e.RepoURL, e.RepoUsername, e.RepoPassword),