impermanence: fix /var/lib/private permissions

This commit is contained in:
chayleaf 2024-02-27 16:55:11 +07:00
parent 710de6ac83
commit 95fbc86d37
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
2 changed files with 3 additions and 3 deletions

View file

@ -948,6 +948,6 @@ in {
{ directory = /secrets; mode = "0000"; } { directory = /secrets; mode = "0000"; }
# my custom impermanence module doesnt detect it # my custom impermanence module doesnt detect it
{ directory = /var/db/dhcpcd; mode = "0755"; } { directory = /var/db/dhcpcd; mode = "0755"; }
{ directory = /var/lib/private/kea; mode = "0750"; } { directory = /var/lib/private/kea; mode = "0750"; parentDirectory.mode = "0700"; }
]; ];
} }

View file

@ -70,14 +70,14 @@ in {
] ++ lib.optionals config.services.akkoma.enable [ ] ++ lib.optionals config.services.akkoma.enable [
{ directory = /var/lib/akkoma; user = "akkoma"; group = "akkoma"; mode = "0700"; } { directory = /var/lib/akkoma; user = "akkoma"; group = "akkoma"; mode = "0700"; }
] ++ lib.optionals config.services.botamusique.enable [ ] ++ lib.optionals config.services.botamusique.enable [
{ directory = /var/lib/private/botamusique; user = "root"; group = "root"; mode = "0750"; } { directory = /var/lib/private/botamusique; user = "root"; group = "root"; mode = "0750"; parentDirectory.mode = "0700"; }
] ++ lib.optionals config.programs.ccache.enable [ ] ++ lib.optionals config.programs.ccache.enable [
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; } { directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; } { directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
] ++ lib.optionals config.services.certspotter.enable [ ] ++ lib.optionals config.services.certspotter.enable [
{ directory = /var/lib/certspotter; user = "certspotter"; group = "certspotter"; mode = "0755"; } { directory = /var/lib/certspotter; user = "certspotter"; group = "certspotter"; mode = "0755"; }
] ++ lib.optionals (config.services.coop-ofd.enable or false) [ ] ++ lib.optionals (config.services.coop-ofd.enable or false) [
{ directory = /var/lib/private/coop-ofd; mode = "0750"; } { directory = /var/lib/private/coop-ofd; mode = "0750"; parentDirectory.mode = "0700"; }
] ++ lib.optionals config.services.dovecot2.enable [ ] ++ lib.optionals config.services.dovecot2.enable [
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; } { directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
{ directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; } { directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }