fix(nix): explicitly create parent directories for dataDir in tmpfiles

The tmpfiles.rules now explicitly creates the parent directory of dataDir with root:root ownership and 0755 permissions before creating the service-owned directories. This ensures the directory hierarchy exists even if parent directories are missing. While systemd-tmpfiles should create parent directories automatically, this makes the behavior explicit and ensures proper permissions on the immediate parent directory.
author: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-21 15:13:45 +0000
committer: DanConwayDev <DanConwayDev@protonmail.com> 2026-01-21 15:13:45 +0000
commit: 81ef29e8589ac4e10b6f67b4ab4049645f05c020 (patch)
tree: 25b21be94e25fbdde852ec700295c8b77c696d62 /nix
parent: 6c3c93752e9ee8da7f16fbeda70f9eb7a0ca8eb0 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/nix/module.nix b/nix/module.nix
index 564259e..e192f95 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -459,7 +459,12 @@ in {
    # Create data directories with proper ownership using tmpfiles
    # This runs as root before the service starts
+    # Note: Parent directories are created with root:root ownership (mode 0755)
+    # to ensure the path exists, while dataDir itself gets proper service ownership
    systemd.tmpfiles.rules = flatten (mapAttrsToList (name: cfg: [
+      # Create parent directories if they don't exist (root-owned, standard perms)
+      "d ${dirOf cfg.dataDir} 0755 root root -"
+      # Create service-owned directories
      "d ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} -"
      "d ${cfg.dataDir}/git 0750 ${cfg.user} ${cfg.group} -"
      "d ${cfg.dataDir}/relay 0750 ${cfg.user} ${cfg.group} -"
author	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-21 15:13:45 +0000
committer	DanConwayDev <DanConwayDev@protonmail.com>	2026-01-21 15:13:45 +0000
commit	81ef29e8589ac4e10b6f67b4ab4049645f05c020 (patch)
tree	25b21be94e25fbdde852ec700295c8b77c696d62 /nix
parent	6c3c93752e9ee8da7f16fbeda70f9eb7a0ca8eb0 (diff)