diff options
author | Martin Weinelt <mweinelt@users.noreply.github.com> | 2022-10-29 12:37:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-29 12:37:51 +0200 |
commit | f3c660e95b6494739a21e51b70942264fa11cb7d (patch) | |
tree | e46509c1208e1dda8a2180484192439eb1f75797 /nixos | |
parent | 23b2b4e5b8aecc4c04d96c04af17c524f100f62e (diff) | |
parent | af4a43e36a697edbd108d3aabaacadfbe631b294 (diff) |
Merge pull request #198298 from yorickvP/int-rm-leading-zeroes
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/acme/default.nix | 8 | ||||
-rw-r--r-- | nixos/modules/services/logging/journalwatch.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/matrix/appservice-discord.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/matrix/mautrix-telegram.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/geoipupdate.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/mx-puppet-discord.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/misc/rmfakecloud.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/parsedmarc.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/bookstack.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/discourse.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/keycloak.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/snipe-it.nix | 2 |
12 files changed, 16 insertions, 16 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 1c4a88954b655..4e163901b0887 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -26,8 +26,8 @@ let Type = "oneshot"; User = user; Group = mkDefault "acme"; - UMask = 0022; - StateDirectoryMode = 750; + UMask = "0022"; + StateDirectoryMode = "750"; ProtectSystem = "strict"; ReadWritePaths = [ "/var/lib/acme" @@ -85,7 +85,7 @@ let serviceConfig = commonServiceConfig // { StateDirectory = "acme/.minica"; BindPaths = "/var/lib/acme/.minica:/tmp/ca"; - UMask = 0077; + UMask = "0077"; }; # Working directory will be /tmp @@ -243,7 +243,7 @@ let serviceConfig = commonServiceConfig // { Group = data.group; - UMask = 0027; + UMask = "0027"; StateDirectory = "acme/${cert}"; diff --git a/nixos/modules/services/logging/journalwatch.nix b/nixos/modules/services/logging/journalwatch.nix index a315da3ea0eee..55e2d600ee4fb 100644 --- a/nixos/modules/services/logging/journalwatch.nix +++ b/nixos/modules/services/logging/journalwatch.nix @@ -239,7 +239,7 @@ in { Type = "oneshot"; # requires a relative directory name to create beneath /var/lib StateDirectory = user; - StateDirectoryMode = 0750; + StateDirectoryMode = "0750"; ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail"; # lowest CPU and IO priority, but both still in best-effort class to prevent starvation Nice=19; diff --git a/nixos/modules/services/matrix/appservice-discord.nix b/nixos/modules/services/matrix/appservice-discord.nix index 89b4bc98f494b..15f0f0cc0cdbf 100644 --- a/nixos/modules/services/matrix/appservice-discord.nix +++ b/nixos/modules/services/matrix/appservice-discord.nix @@ -137,7 +137,7 @@ in { PrivateTmp = true; WorkingDirectory = appDir; StateDirectory = baseNameOf dataDir; - UMask = 0027; + UMask = "0027"; EnvironmentFile = cfg.environmentFile; ExecStart = '' diff --git a/nixos/modules/services/matrix/mautrix-telegram.nix b/nixos/modules/services/matrix/mautrix-telegram.nix index be220e05a5261..8dda365a79176 100644 --- a/nixos/modules/services/matrix/mautrix-telegram.nix +++ b/nixos/modules/services/matrix/mautrix-telegram.nix @@ -162,7 +162,7 @@ in { PrivateTmp = true; WorkingDirectory = pkgs.mautrix-telegram; # necessary for the database migration scripts to be found StateDirectory = baseNameOf dataDir; - UMask = 0027; + UMask = "0027"; EnvironmentFile = cfg.environmentFile; ExecStart = '' diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix index ad80d4892435d..27c1157e9a8c7 100644 --- a/nixos/modules/services/misc/geoipupdate.nix +++ b/nixos/modules/services/misc/geoipupdate.nix @@ -183,7 +183,7 @@ in DynamicUser = true; ReadWritePaths = cfg.settings.DatabaseDirectory; RuntimeDirectory = "geoipupdate"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; CapabilityBoundingSet = ""; PrivateDevices = true; PrivateMounts = true; diff --git a/nixos/modules/services/misc/mx-puppet-discord.nix b/nixos/modules/services/misc/mx-puppet-discord.nix index 33a6c8f26a957..36c9f8b122ea2 100644 --- a/nixos/modules/services/misc/mx-puppet-discord.nix +++ b/nixos/modules/services/misc/mx-puppet-discord.nix @@ -107,7 +107,7 @@ in { PrivateTmp = true; WorkingDirectory = pkgs.mx-puppet-discord; StateDirectory = baseNameOf dataDir; - UMask = 0027; + UMask = "0027"; ExecStart = '' ${pkgs.mx-puppet-discord}/bin/mx-puppet-discord \ diff --git a/nixos/modules/services/misc/rmfakecloud.nix b/nixos/modules/services/misc/rmfakecloud.nix index 25857c173b6ff..1cdfdeceabcde 100644 --- a/nixos/modules/services/misc/rmfakecloud.nix +++ b/nixos/modules/services/misc/rmfakecloud.nix @@ -138,7 +138,7 @@ in { SystemCallArchitectures = "native"; WorkingDirectory = serviceDataDir; StateDirectory = baseNameOf serviceDataDir; - UMask = 0027; + UMask = "0027"; }; }; }; diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index 7618414d9040f..3540d91fc9f37 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -494,7 +494,7 @@ in Group = "parsedmarc"; DynamicUser = true; RuntimeDirectory = "parsedmarc"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; CapabilityBoundingSet = ""; PrivateDevices = true; PrivateMounts = true; diff --git a/nixos/modules/services/web-apps/bookstack.nix b/nixos/modules/services/web-apps/bookstack.nix index 3fbccf5400879..eeef77727769b 100644 --- a/nixos/modules/services/web-apps/bookstack.nix +++ b/nixos/modules/services/web-apps/bookstack.nix @@ -372,7 +372,7 @@ in { User = user; WorkingDirectory = "${bookstack}"; RuntimeDirectory = "bookstack/cache"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; }; path = [ pkgs.replace-secret ]; script = diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index 66b22ec87db12..9ad451f31f743 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -798,13 +798,13 @@ in "public" "sockets" ]; - RuntimeDirectoryMode = 0750; + RuntimeDirectoryMode = "0750"; StateDirectory = map (p: "discourse/" + p) [ "uploads" "backups" "tmp" ]; - StateDirectoryMode = 0750; + StateDirectoryMode = "0750"; LogsDirectory = "discourse"; TimeoutSec = "infinity"; Restart = "on-failure"; diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index da53d4ea76f40..521cf778a36bf 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -616,7 +616,7 @@ in Group = "keycloak"; DynamicUser = true; RuntimeDirectory = "keycloak"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; }; script = '' diff --git a/nixos/modules/services/web-apps/snipe-it.nix b/nixos/modules/services/web-apps/snipe-it.nix index 802d67cdb8e40..e0d2eb8c6ab2a 100644 --- a/nixos/modules/services/web-apps/snipe-it.nix +++ b/nixos/modules/services/web-apps/snipe-it.nix @@ -394,7 +394,7 @@ in { User = user; WorkingDirectory = snipe-it; RuntimeDirectory = "snipe-it/cache"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; }; path = [ pkgs.replace-secret ]; script = |