From 7b6b627a6653c5917c74406896575f0a7c138a30 Mon Sep 17 00:00:00 2001
From: Niklas Hambüchen
Date: Mon, 6 May 2024 03:18:29 +0200
Subject: nixos/caddy: Comment why ExecStart is reset
---
 nixos/modules/services/web-servers/caddy/default.nix | 1 +
 1 file changed, 1 insertion(+) (limited to 'nixos')
diff --git a/nixos/modules/services/web-servers/caddy/default.nix b/nixos/modules/services/web-servers/caddy/default.nix
index 08ce50bff62c0..7faf0e895a433 100644
--- a/nixos/modules/services/web-servers/caddy/default.nix
+++ b/nixos/modules/services/web-servers/caddy/default.nix
@@ -360,6 +360,7 @@ in
 serviceConfig = let
 runOptions = ''--config ${configPath} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"}'';
 in {
+ # Override the `ExecStart` line from upstream's systemd unit file by our own:
 # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
 # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
 ExecStart = [ "" ''${cfg.package}/bin/caddy run ${runOptions} ${optionalString cfg.resume "--resume"}'' ];
--
cgit 1.4.1
From 9d7a729277d7a71f584d37181df0236ece2522ab Mon Sep 17 00:00:00 2001
From: Niklas Hambüchen
Date: Mon, 6 May 2024 03:18:51 +0200
Subject: treewide: ReadWriteDirectories -> ReadWritePaths. These were renamed in systemd v231: https://github.com/systemd/systemd/commit/2a624c36e646e9ef8d204a506b12e7dbd380e111
---
 nixos/modules/services/misc/zoneminder.nix | 2 +-
 nixos/modules/services/security/step-ca.nix | 2 +-
 nixos/modules/services/web-servers/caddy/default.nix | 2 +-
 nixos/modules/services/web-servers/traefik.nix | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'nixos')
diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix
index 84c3a6710c0db..d09cd87febfff 100644
--- a/nixos/modules/services/misc/zoneminder.nix
+++ b/nixos/modules/services/misc/zoneminder.nix @@ -350,7 +350,7 @@ in { RestartSec = "10s"; CacheDirectory = dirs cacheDirs; RuntimeDirectory = dirName; - ReadWriteDirectories = lib.mkIf useCustomDir [ cfg.storageDir ]; + ReadWritePaths = lib.mkIf useCustomDir [ cfg.storageDir ]; StateDirectory = dirs (lib.optionals (!useCustomDir) libDirs); LogsDirectory = dirName; PrivateTmp = true; diff --git a/nixos/modules/services/security/step-ca.nix b/nixos/modules/services/security/step-ca.nix index c708cb2b8910d..e9195fbd51608 100644 --- a/nixos/modules/services/security/step-ca.nix +++ b/nixos/modules/services/security/step-ca.nix @@ -107,7 +107,7 @@ in UMask = "0077"; Environment = "HOME=%S/step-ca"; WorkingDirectory = ""; # override upstream - ReadWriteDirectories = ""; # override upstream + ReadWritePaths = ""; # override upstream # LocalCredential handles file permission problems arising from the use of DynamicUser. LoadCredential = "intermediate_password:${cfg.intermediatePasswordFile}"; diff --git a/nixos/modules/services/web-servers/caddy/default.nix b/nixos/modules/services/web-servers/caddy/default.nix index 7faf0e895a433..1cd1448c7d567 100644 --- a/nixos/modules/services/web-servers/caddy/default.nix +++ b/nixos/modules/services/web-servers/caddy/default.nix @@ -368,7 +368,7 @@ in ExecReload = [ "" ''${cfg.package}/bin/caddy reload ${runOptions} --force'' ]; User = cfg.user; Group = cfg.group; - ReadWriteDirectories = cfg.dataDir; + ReadWritePaths = [ cfg.dataDir ]; StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ]; LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ]; Restart = "on-failure"; diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index 9c53455bcf3d7..1a65ce21112ee 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix 
@@ -170,7 +170,7 @@ in {
 PrivateDevices = true;
 ProtectHome = true;
 ProtectSystem = "full";
- ReadWriteDirectories = cfg.dataDir;
+ ReadWritePaths = [ cfg.dataDir ];
 RuntimeDirectory = "traefik";
 };
 };
--
cgit 1.4.1
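Review bot: `ReadWritePaths = [ cfg.dataDir ];` sits next to `ProtectSystem = "full";`, and at that level systemd mounts only /usr, /boot, /efi and /etc read-only, so this line does not confine the service's writes to the data directory; unless `cfg.dataDir` lies under one of those trees it has no practical effect. If the intent is a write allow-list, the line to change is `ProtectSystem = "strict";`, which makes the whole hierarchy read-only apart from the paths listed in `ReadWritePaths` and the unit's `RuntimeDirectory`. Any other location the service writes to would then have to be listed as well; that cannot be checked here because the enclosing attribute set starts outside the hunk.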