Merge pull request #198298 from yorickvP/int-rm-leading-zeroes

2022-10-29 12:37:51 +02:00 · 2022-10-29 12:37:51 +02:00 · f3c660e95b
commit f3c660e95b
parent 23b2b4e5b8 af4a43e36a
12 changed files with 16 additions and 16 deletions
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@ -26,8 +26,8 @@ let
    Type = "oneshot";
    User = user;
    Group = mkDefault "acme";
-    UMask = 0022;
+    UMask = "0022";
-    StateDirectoryMode = 750;
+    StateDirectoryMode = "750";
    ProtectSystem = "strict";
    ReadWritePaths = [
      "/var/lib/acme"
@ -85,7 +85,7 @@ let
    serviceConfig = commonServiceConfig // {
      StateDirectory = "acme/.minica";
      BindPaths = "/var/lib/acme/.minica:/tmp/ca";
-      UMask = 0077;
+      UMask = "0077";
    };
    # Working directory will be /tmp
@ -243,7 +243,7 @@ let
      serviceConfig = commonServiceConfig // {
        Group = data.group;
-        UMask = 0027;
+        UMask = "0027";
        StateDirectory = "acme/${cert}";
--- a/nixos/modules/services/logging/journalwatch.nix
+++ b/nixos/modules/services/logging/journalwatch.nix
@ -239,7 +239,7 @@ in {
        Type = "oneshot";
        # requires a relative directory name to create beneath /var/lib
        StateDirectory = user;
-        StateDirectoryMode = 0750;
+        StateDirectoryMode = "0750";
        ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail";
        # lowest CPU and IO priority, but both still in best-effort class to prevent starvation
        Nice=19;
--- a/nixos/modules/services/matrix/appservice-discord.nix
+++ b/nixos/modules/services/matrix/appservice-discord.nix
@ -137,7 +137,7 @@ in {
        PrivateTmp = true;
        WorkingDirectory = appDir;
        StateDirectory = baseNameOf dataDir;
-        UMask = 0027;
+        UMask = "0027";
        EnvironmentFile = cfg.environmentFile;
        ExecStart = ''
--- a/nixos/modules/services/matrix/mautrix-telegram.nix
+++ b/nixos/modules/services/matrix/mautrix-telegram.nix
@ -162,7 +162,7 @@ in {
        PrivateTmp = true;
        WorkingDirectory = pkgs.mautrix-telegram; # necessary for the database migration scripts to be found
        StateDirectory = baseNameOf dataDir;
-        UMask = 0027;
+        UMask = "0027";
        EnvironmentFile = cfg.environmentFile;
        ExecStart = ''
--- a/nixos/modules/services/misc/geoipupdate.nix
+++ b/nixos/modules/services/misc/geoipupdate.nix
@ -183,7 +183,7 @@ in
        DynamicUser = true;
        ReadWritePaths = cfg.settings.DatabaseDirectory;
        RuntimeDirectory = "geoipupdate";
-        RuntimeDirectoryMode = 0700;
+        RuntimeDirectoryMode = "0700";
        CapabilityBoundingSet = "";
        PrivateDevices = true;
        PrivateMounts = true;
--- a/nixos/modules/services/misc/mx-puppet-discord.nix
+++ b/nixos/modules/services/misc/mx-puppet-discord.nix
@ -107,7 +107,7 @@ in {
        PrivateTmp = true;
        WorkingDirectory = pkgs.mx-puppet-discord;
        StateDirectory = baseNameOf dataDir;
-        UMask = 0027;
+        UMask = "0027";
        ExecStart = ''
          ${pkgs.mx-puppet-discord}/bin/mx-puppet-discord \
--- a/nixos/modules/services/misc/rmfakecloud.nix
+++ b/nixos/modules/services/misc/rmfakecloud.nix
@ -138,7 +138,7 @@ in {
        SystemCallArchitectures = "native";
        WorkingDirectory = serviceDataDir;
        StateDirectory = baseNameOf serviceDataDir;
-        UMask = 0027;
+        UMask = "0027";
      };
    };
  };
--- a/nixos/modules/services/monitoring/parsedmarc.nix
+++ b/nixos/modules/services/monitoring/parsedmarc.nix
@ -494,7 +494,7 @@ in
            Group = "parsedmarc";
            DynamicUser = true;
            RuntimeDirectory = "parsedmarc";
-            RuntimeDirectoryMode = 0700;
+            RuntimeDirectoryMode = "0700";
            CapabilityBoundingSet = "";
            PrivateDevices = true;
            PrivateMounts = true;
--- a/nixos/modules/services/web-apps/bookstack.nix
+++ b/nixos/modules/services/web-apps/bookstack.nix
@ -372,7 +372,7 @@ in {
        User = user;
        WorkingDirectory = "${bookstack}";
        RuntimeDirectory = "bookstack/cache";
-        RuntimeDirectoryMode = 0700;
+        RuntimeDirectoryMode = "0700";
      };
      path = [ pkgs.replace-secret ];
      script =
--- a/nixos/modules/services/web-apps/discourse.nix
+++ b/nixos/modules/services/web-apps/discourse.nix
@ -798,13 +798,13 @@ in
          "public"
          "sockets"
        ];
-        RuntimeDirectoryMode = 0750;
+        RuntimeDirectoryMode = "0750";
        StateDirectory = map (p: "discourse/" + p) [
          "uploads"
          "backups"
          "tmp"
        ];
-        StateDirectoryMode = 0750;
+        StateDirectoryMode = "0750";
        LogsDirectory = "discourse";
        TimeoutSec = "infinity";
        Restart = "on-failure";
--- a/nixos/modules/services/web-apps/keycloak.nix
+++ b/nixos/modules/services/web-apps/keycloak.nix
@ -616,7 +616,7 @@ in
              Group = "keycloak";
              DynamicUser = true;
              RuntimeDirectory = "keycloak";
-              RuntimeDirectoryMode = 0700;
+              RuntimeDirectoryMode = "0700";
              AmbientCapabilities = "CAP_NET_BIND_SERVICE";
            };
            script = ''
--- a/nixos/modules/services/web-apps/snipe-it.nix
+++ b/nixos/modules/services/web-apps/snipe-it.nix
@ -394,7 +394,7 @@ in {
        User = user;
        WorkingDirectory = snipe-it;
        RuntimeDirectory = "snipe-it/cache";
-        RuntimeDirectoryMode = 0700;
+        RuntimeDirectoryMode = "0700";
      };
      path = [ pkgs.replace-secret ];
      script =