duplicity: restrict readability
This commit is contained in:
parent
809c9f74c3
commit
2385984152
|
@ -15,8 +15,12 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# we need this mostly because of the size of duplicity's cache
|
# we need this mostly because of the size of duplicity's cache
|
||||||
# TODO: move to cryptClearOnBoot and update perms
|
sane.persist.sys.cryptClearOnBoot = [{
|
||||||
sane.persist.sys.plaintext = [ "/var/lib/duplicity" ];
|
path = "/var/lib/duplicity";
|
||||||
|
user = "root";
|
||||||
|
group = "root";
|
||||||
|
mode = "0700";
|
||||||
|
}];
|
||||||
|
|
||||||
services.duplicity.enable = true;
|
services.duplicity.enable = true;
|
||||||
services.duplicity.targetUrl = "$DUPLICITY_URL";
|
services.duplicity.targetUrl = "$DUPLICITY_URL";
|
||||||
|
|
Loading…
Reference in New Issue
Block a user