fix(nix): use separate setup service to create dataDir before namespace setup - npub1tkq8unhsd5jqx6ueex5lcpsgknrpquxuk44ftpjlpm3ulaake7xs76txrw/ngit-grasp-mirror - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-21 15:17:10 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-21 15:17:10 +0000
commit	7da6c0c601d276340fada02d4bd45080d927a16b (patch)
tree	aade6beac6d3553533d799e26cb33d4e9da357f0 /docs/reference/relay-limits.md
parent	81ef29e8589ac4e10b6f67b4ab4049645f05c020 (diff)

fix(nix): use separate setup service to create dataDir before namespace setup

The main service uses ReadWritePaths for security hardening, but systemd requires these paths to exist BEFORE setting up the mount namespace. ExecStartPre runs AFTER namespace setup, so it cannot create the directories. This fix adds a separate oneshot setup service (ngit-grasp-{name}-setup) that: - Runs before the main service without namespace restrictions - Creates dataDir and subdirectories (git/, relay/) with mkdir -p - Sets proper ownership (user:group) and permissions (750) - Uses RemainAfterExit so it only runs once per boot The main service now depends on the setup service via requires/after. Fixes: 'Failed to set up mount namespacing: /path: No such file or directory'

Diffstat (limited to 'docs/reference/relay-limits.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode:

upleb.uk