Merge pull request #309424 from NixOS/ReadWriteDirectories-ReadWritePaths
nixos/{zoneminder,caddy,traefik}: ReadWriteDirectories -> ReadWritePaths
commit
8907c1017d
|
@ -350,7 +350,7 @@ in {
|
||||||
RestartSec = "10s";
|
RestartSec = "10s";
|
||||||
CacheDirectory = dirs cacheDirs;
|
CacheDirectory = dirs cacheDirs;
|
||||||
RuntimeDirectory = dirName;
|
RuntimeDirectory = dirName;
|
||||||
ReadWriteDirectories = lib.mkIf useCustomDir [ cfg.storageDir ];
|
ReadWritePaths = lib.mkIf useCustomDir [ cfg.storageDir ];
|
||||||
StateDirectory = dirs (lib.optionals (!useCustomDir) libDirs);
|
StateDirectory = dirs (lib.optionals (!useCustomDir) libDirs);
|
||||||
LogsDirectory = dirName;
|
LogsDirectory = dirName;
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
|
|
|
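Review bot: `ReadWritePaths = lib.mkIf useCustomDir [ cfg.storageDir ];` names a path that must already exist when systemd builds the unit's mount namespace, and in the custom-directory case `StateDirectory` is empty and so does not create it. An entry without the `-` prefix that is missing makes the unit's commands fail at namespace setup; whether the module creates the directory some other way is not visible in this hunk. I would record the requirement beside the setting, for example `# cfg.storageDir must exist before start; a missing ReadWritePaths entry fails namespace setup`. The same applies to `ReadWritePaths = [ cfg.dataDir ];` in the caddy section, where `StateDirectory` is conditional, and in the traefik section, where none is visible. The serviceConfig block continues outside the hunk.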
@ -107,7 +107,7 @@ in
|
||||||
UMask = "0077";
|
UMask = "0077";
|
||||||
Environment = "HOME=%S/step-ca";
|
Environment = "HOME=%S/step-ca";
|
||||||
WorkingDirectory = ""; # override upstream
|
WorkingDirectory = ""; # override upstream
|
||||||
ReadWriteDirectories = ""; # override upstream
|
ReadWritePaths = ""; # override upstream
|
||||||
|
|
||||||
# LocalCredential handles file permission problems arising from the use of DynamicUser.
|
# LocalCredential handles file permission problems arising from the use of DynamicUser.
|
||||||
LoadCredential = "intermediate_password:${cfg.intermediatePasswordFile}";
|
LoadCredential = "intermediate_password:${cfg.intermediatePasswordFile}";
|
||||||
|
|
|
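Review bot: The trailing comment on `ReadWritePaths = ""; # override upstream` does not say what is overridden or why an empty string is used. Assigning the empty string resets the list inherited from the packaged unit, so a comment such as `# empty assignment resets the ReadWritePaths list from the upstream unit` would keep a later reader from treating the line as a no-op and deleting it. The comment above `LoadCredential` also names `LocalCredential`, which is not the directive it describes.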
@ -360,6 +360,7 @@ in
|
||||||
serviceConfig = let
|
serviceConfig = let
|
||||||
runOptions = ''--config ${configPath} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"}'';
|
runOptions = ''--config ${configPath} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"}'';
|
||||||
in {
|
in {
|
||||||
|
# Override the `ExecStart` line from upstream's systemd unit file by our own:
|
||||||
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
|
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
|
||||||
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
|
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
|
||||||
ExecStart = [ "" ''${cfg.package}/bin/caddy run ${runOptions} ${optionalString cfg.resume "--resume"}'' ];
|
ExecStart = [ "" ''${cfg.package}/bin/caddy run ${runOptions} ${optionalString cfg.resume "--resume"}'' ];
|
||||||
|
@ -367,7 +368,7 @@ in
|
||||||
ExecReload = [ "" ''${cfg.package}/bin/caddy reload ${runOptions} --force'' ];
|
ExecReload = [ "" ''${cfg.package}/bin/caddy reload ${runOptions} --force'' ];
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
ReadWriteDirectories = cfg.dataDir;
|
ReadWritePaths = [ cfg.dataDir ];
|
||||||
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ];
|
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ];
|
||||||
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ];
|
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ];
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
|
@ -170,7 +170,7 @@ in {
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
ProtectHome = true;
|
ProtectHome = true;
|
||||||
ProtectSystem = "full";
|
ProtectSystem = "full";
|
||||||
ReadWriteDirectories = cfg.dataDir;
|
ReadWritePaths = [ cfg.dataDir ];
|
||||||
RuntimeDirectory = "traefik";
|
RuntimeDirectory = "traefik";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
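Review bot: With `ProtectSystem = "full"` only /usr, the boot loader directories and /etc are mounted read-only, so `ReadWritePaths = [ cfg.dataDir ];` restricts nothing for a data directory outside those trees. The rest of the file system stays writable for the service, subject to ordinary file permissions. If the intent is that traefik can write only to its data and runtime directories, `ProtectSystem = "strict";` would make this entry the actual allow-list. That change needs a check of any other paths the service writes to, such as configured log files, which this hunk does not show.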