Merge pull request #198298 from yorickvP/int-rm-leading-zeroes
commit
f3c660e95b
@ -26,8 +26,8 @@ let
|
|||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
User = user;
|
User = user;
|
||||||
Group = mkDefault "acme";
|
Group = mkDefault "acme";
|
||||||
UMask = 0022;
|
UMask = "0022";
|
||||||
StateDirectoryMode = 750;
|
StateDirectoryMode = "750";
|
||||||
ProtectSystem = "strict";
|
ProtectSystem = "strict";
|
||||||
ReadWritePaths = [
|
ReadWritePaths = [
|
||||||
"/var/lib/acme"
|
"/var/lib/acme"
|
||||||
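Review bot: `StateDirectoryMode = "750"` in this hunk is the only converted mode on the page written without a leading zero; every other module here uses the four-digit form (`"0750"`, `"0700"`), as does `UMask = "0022"` on the line above it. systemd parses both spellings as octal, so this is a consistency point rather than a behaviour change: `StateDirectoryMode = "0750";`. Because this directory holds the ACME state, a short comment such as `# octal string passed to systemd verbatim; a bare number would be a Nix integer, not an octal literal` would help stop the value drifting back to an unquoted number. The enclosing attribute set starts before the hunk and the `ReadWritePaths` list continues past its end.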
@ -85,7 +85,7 @@ let
|
|||||||
serviceConfig = commonServiceConfig // {
|
serviceConfig = commonServiceConfig // {
|
||||||
StateDirectory = "acme/.minica";
|
StateDirectory = "acme/.minica";
|
||||||
BindPaths = "/var/lib/acme/.minica:/tmp/ca";
|
BindPaths = "/var/lib/acme/.minica:/tmp/ca";
|
||||||
UMask = 0077;
|
UMask = "0077";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Working directory will be /tmp
|
# Working directory will be /tmp
|
||||||
@ -243,7 +243,7 @@ let
|
|||||||
|
|
||||||
serviceConfig = commonServiceConfig // {
|
serviceConfig = commonServiceConfig // {
|
||||||
Group = data.group;
|
Group = data.group;
|
||||||
UMask = 0027;
|
UMask = "0027";
|
||||||
|
|
||||||
StateDirectory = "acme/${cert}";
|
StateDirectory = "acme/${cert}";
|
||||||
|
|
||||||
|
@ -239,7 +239,7 @@ in {
|
|||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
# requires a relative directory name to create beneath /var/lib
|
# requires a relative directory name to create beneath /var/lib
|
||||||
StateDirectory = user;
|
StateDirectory = user;
|
||||||
StateDirectoryMode = 0750;
|
StateDirectoryMode = "0750";
|
||||||
ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail";
|
ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail";
|
||||||
# lowest CPU and IO priority, but both still in best-effort class to prevent starvation
|
# lowest CPU and IO priority, but both still in best-effort class to prevent starvation
|
||||||
Nice=19;
|
Nice=19;
|
||||||
|
@ -137,7 +137,7 @@ in {
|
|||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
WorkingDirectory = appDir;
|
WorkingDirectory = appDir;
|
||||||
StateDirectory = baseNameOf dataDir;
|
StateDirectory = baseNameOf dataDir;
|
||||||
UMask = 0027;
|
UMask = "0027";
|
||||||
EnvironmentFile = cfg.environmentFile;
|
EnvironmentFile = cfg.environmentFile;
|
||||||
|
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
|
@ -162,7 +162,7 @@ in {
|
|||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
WorkingDirectory = pkgs.mautrix-telegram; # necessary for the database migration scripts to be found
|
WorkingDirectory = pkgs.mautrix-telegram; # necessary for the database migration scripts to be found
|
||||||
StateDirectory = baseNameOf dataDir;
|
StateDirectory = baseNameOf dataDir;
|
||||||
UMask = 0027;
|
UMask = "0027";
|
||||||
EnvironmentFile = cfg.environmentFile;
|
EnvironmentFile = cfg.environmentFile;
|
||||||
|
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
|
@ -183,7 +183,7 @@ in
|
|||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
ReadWritePaths = cfg.settings.DatabaseDirectory;
|
ReadWritePaths = cfg.settings.DatabaseDirectory;
|
||||||
RuntimeDirectory = "geoipupdate";
|
RuntimeDirectory = "geoipupdate";
|
||||||
RuntimeDirectoryMode = 0700;
|
RuntimeDirectoryMode = "0700";
|
||||||
CapabilityBoundingSet = "";
|
CapabilityBoundingSet = "";
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
PrivateMounts = true;
|
PrivateMounts = true;
|
||||||
|
@ -107,7 +107,7 @@ in {
|
|||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
WorkingDirectory = pkgs.mx-puppet-discord;
|
WorkingDirectory = pkgs.mx-puppet-discord;
|
||||||
StateDirectory = baseNameOf dataDir;
|
StateDirectory = baseNameOf dataDir;
|
||||||
UMask = 0027;
|
UMask = "0027";
|
||||||
|
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.mx-puppet-discord}/bin/mx-puppet-discord \
|
${pkgs.mx-puppet-discord}/bin/mx-puppet-discord \
|
||||||
|
@ -138,7 +138,7 @@ in {
|
|||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
||||||
WorkingDirectory = serviceDataDir;
|
WorkingDirectory = serviceDataDir;
|
||||||
StateDirectory = baseNameOf serviceDataDir;
|
StateDirectory = baseNameOf serviceDataDir;
|
||||||
UMask = 0027;
|
UMask = "0027";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -494,7 +494,7 @@ in
|
|||||||
Group = "parsedmarc";
|
Group = "parsedmarc";
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
RuntimeDirectory = "parsedmarc";
|
RuntimeDirectory = "parsedmarc";
|
||||||
RuntimeDirectoryMode = 0700;
|
RuntimeDirectoryMode = "0700";
|
||||||
CapabilityBoundingSet = "";
|
CapabilityBoundingSet = "";
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
PrivateMounts = true;
|
PrivateMounts = true;
|
||||||
|
@ -372,7 +372,7 @@ in {
|
|||||||
User = user;
|
User = user;
|
||||||
WorkingDirectory = "${bookstack}";
|
WorkingDirectory = "${bookstack}";
|
||||||
RuntimeDirectory = "bookstack/cache";
|
RuntimeDirectory = "bookstack/cache";
|
||||||
RuntimeDirectoryMode = 0700;
|
RuntimeDirectoryMode = "0700";
|
||||||
};
|
};
|
||||||
path = [ pkgs.replace-secret ];
|
path = [ pkgs.replace-secret ];
|
||||||
script =
|
script =
|
||||||
|
@ -798,13 +798,13 @@ in
|
|||||||
"public"
|
"public"
|
||||||
"sockets"
|
"sockets"
|
||||||
];
|
];
|
||||||
RuntimeDirectoryMode = 0750;
|
RuntimeDirectoryMode = "0750";
|
||||||
StateDirectory = map (p: "discourse/" + p) [
|
StateDirectory = map (p: "discourse/" + p) [
|
||||||
"uploads"
|
"uploads"
|
||||||
"backups"
|
"backups"
|
||||||
"tmp"
|
"tmp"
|
||||||
];
|
];
|
||||||
StateDirectoryMode = 0750;
|
StateDirectoryMode = "0750";
|
||||||
LogsDirectory = "discourse";
|
LogsDirectory = "discourse";
|
||||||
TimeoutSec = "infinity";
|
TimeoutSec = "infinity";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
@ -616,7 +616,7 @@ in
|
|||||||
Group = "keycloak";
|
Group = "keycloak";
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
RuntimeDirectory = "keycloak";
|
RuntimeDirectory = "keycloak";
|
||||||
RuntimeDirectoryMode = 0700;
|
RuntimeDirectoryMode = "0700";
|
||||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
};
|
};
|
||||||
script = ''
|
script = ''
|
||||||
|
@ -394,7 +394,7 @@ in {
|
|||||||
User = user;
|
User = user;
|
||||||
WorkingDirectory = snipe-it;
|
WorkingDirectory = snipe-it;
|
||||||
RuntimeDirectory = "snipe-it/cache";
|
RuntimeDirectory = "snipe-it/cache";
|
||||||
RuntimeDirectoryMode = 0700;
|
RuntimeDirectoryMode = "0700";
|
||||||
};
|
};
|
||||||
path = [ pkgs.replace-secret ];
|
path = [ pkgs.replace-secret ];
|
||||||
script =
|
script =
|
||||||
|