diff options
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2024-03-16 23:39:31 +0100 |
|---|---|---|
| committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2024-03-16 23:44:37 +0100 |
| commit | 2b003c0269a9e7d09bccee3b8c1a055a0d11e354 (patch) | |
| tree | 698d4c1522628114c50eaf597568ee1799d2df17 /nixos/modules/services/web-apps | |
| parent | 7431fec51f55c6e31a6108e816fd384c15a28304 (diff) | |
nixos/pretix: make state directory world-readable
Pretix creates static files in its state directory, that nginx needs to serve, so locking down the permissions that hard is not going to work.
Diffstat (limited to 'nixos/modules/services/web-apps')
| -rw-r--r-- | nixos/modules/services/web-apps/pretix.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/pretix.nix b/nixos/modules/services/web-apps/pretix.nix index 65e658d474ebf..500b2eb5416b0 100644 --- a/nixos/modules/services/web-apps/pretix.nix +++ b/nixos/modules/services/web-apps/pretix.nix @@ -468,6 +468,7 @@ in StateDirectory = [ "pretix" ]; + StateDirectoryMode = "0755"; CacheDirectory = "pretix"; LogsDirectory = "pretix"; WorkingDirectory = cfg.settings.pretix.datadir; @@ -506,7 +507,7 @@ in "~@privileged" "@chown" ]; - UMask = "0077"; + UMask = "0022"; }; }; in { |