diff options
author | Niklas Hambüchen <mail@nh2.me> | 2024-05-07 01:13:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-05-07 01:13:06 +0200 |
commit | 8907c1017d0000ffb827096565d8fffed67c8955 (patch) | |
tree | eb17b95f98a79da328bde4ce67d8df9254794ea3 /nixos | |
parent | e1b75a40d9c4693d36f05127e474e65cbcfa78bf (diff) | |
parent | 9d7a729277d7a71f584d37181df0236ece2522ab (diff) |
Merge pull request #309424 from NixOS/ReadWriteDirectories-ReadWritePaths
nixos/{zoneminder,caddy,traefik}: ReadWriteDirectories -> ReadWritePaths
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/misc/zoneminder.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/security/step-ca.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/caddy/default.nix | 3 | ||||
-rw-r--r-- | nixos/modules/services/web-servers/traefik.nix | 2 |
4 files changed, 5 insertions, 4 deletions
diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index 84c3a6710c0db..d09cd87febfff 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -350,7 +350,7 @@ in { RestartSec = "10s"; CacheDirectory = dirs cacheDirs; RuntimeDirectory = dirName; - ReadWriteDirectories = lib.mkIf useCustomDir [ cfg.storageDir ]; + ReadWritePaths = lib.mkIf useCustomDir [ cfg.storageDir ]; StateDirectory = dirs (lib.optionals (!useCustomDir) libDirs); LogsDirectory = dirName; PrivateTmp = true; diff --git a/nixos/modules/services/security/step-ca.nix b/nixos/modules/services/security/step-ca.nix index c708cb2b8910d..e9195fbd51608 100644 --- a/nixos/modules/services/security/step-ca.nix +++ b/nixos/modules/services/security/step-ca.nix @@ -107,7 +107,7 @@ in UMask = "0077"; Environment = "HOME=%S/step-ca"; WorkingDirectory = ""; # override upstream - ReadWriteDirectories = ""; # override upstream + ReadWritePaths = ""; # override upstream # LocalCredential handles file permission problems arising from the use of DynamicUser. LoadCredential = "intermediate_password:${cfg.intermediatePasswordFile}"; diff --git a/nixos/modules/services/web-servers/caddy/default.nix b/nixos/modules/services/web-servers/caddy/default.nix index 08ce50bff62c0..1cd1448c7d567 100644 --- a/nixos/modules/services/web-servers/caddy/default.nix +++ b/nixos/modules/services/web-servers/caddy/default.nix @@ -360,6 +360,7 @@ in serviceConfig = let runOptions = ''--config ${configPath} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"}''; in { + # Override the `ExecStart` line from upstream's systemd unit file by our own: # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect. ExecStart = [ "" ''${cfg.package}/bin/caddy run ${runOptions} ${optionalString cfg.resume "--resume"}'' ]; @@ -367,7 +368,7 @@ in ExecReload = [ "" ''${cfg.package}/bin/caddy reload ${runOptions} --force'' ]; User = cfg.user; Group = cfg.group; - ReadWriteDirectories = cfg.dataDir; + ReadWritePaths = [ cfg.dataDir ]; StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ]; LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ]; Restart = "on-failure"; diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index 9c53455bcf3d7..1a65ce21112ee 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix @@ -170,7 +170,7 @@ in { PrivateDevices = true; ProtectHome = true; ProtectSystem = "full"; - ReadWriteDirectories = cfg.dataDir; + ReadWritePaths = [ cfg.dataDir ]; RuntimeDirectory = "traefik"; }; }; |