nixos/matrix-synapse: add media_store_path to services ReadWritePaths

Currently, when setting a custom media_store_path, which lies outside of cfg.dataDir, the current ReadWritePaths make it so that Synapse can't access the media_store_path. So add the media_store_path to ReadWritePaths to fix that.
author: Julian Schacher <julian@jsts.xyz> 2023-10-09 02:27:05 +0200
committer: Julian Schacher <julian@jsts.xyz> 2023-10-09 02:27:05 +0200
commit: 722e9df2fbcb8ad19a21677b426ef784a28d3ede (patch)
tree: 784c280650a124750db9f91ec89f1b35eeaff011 /nixos/modules/services/matrix
parent: 7ae736453eb02b0d7db3634e736bd0780e475094 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix
index 1354a8cb58b42..34930a7ba69b3 100644
--- a/nixos/modules/services/matrix/synapse.nix
+++ b/nixos/modules/services/matrix/synapse.nix
@@ -1070,7 +1070,7 @@ in {
             ProtectKernelTunables = true;
             ProtectProc = "invisible";
             ProtectSystem = "strict";
-            ReadWritePaths = [ cfg.dataDir ];
+            ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ];
             RemoveIPC = true;
             RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
             RestrictNamespaces = true;
author	Julian Schacher <julian@jsts.xyz>	2023-10-09 02:27:05 +0200
committer	Julian Schacher <julian@jsts.xyz>	2023-10-09 02:27:05 +0200
commit	722e9df2fbcb8ad19a21677b426ef784a28d3ede (patch)
tree	784c280650a124750db9f91ec89f1b35eeaff011 /nixos/modules/services/matrix
parent	7ae736453eb02b0d7db3634e736bd0780e475094 (diff)