diff options
| author | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-21 15:17:10 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-21 15:17:10 +0000 |
| commit | 7da6c0c601d276340fada02d4bd45080d927a16b (patch) | |
| tree | aade6beac6d3553533d799e26cb33d4e9da357f0 /src/git/protocol.rs | |
| parent | 81ef29e8589ac4e10b6f67b4ab4049645f05c020 (diff) | |
fix(nix): use separate setup service to create dataDir before namespace setup
The main service uses ReadWritePaths for security hardening, but systemd
requires these paths to exist BEFORE setting up the mount namespace.
ExecStartPre runs AFTER namespace setup, so it cannot create the directories.
This fix adds a separate oneshot setup service (ngit-grasp-{name}-setup)
that:
- Runs before the main service without namespace restrictions
- Creates dataDir and subdirectories (git/, relay/) with mkdir -p
- Sets proper ownership (user:group) and permissions (750)
- Uses RemainAfterExit so it only runs once per boot
The main service now depends on the setup service via requires/after.
Fixes: 'Failed to set up mount namespacing: /path: No such file or directory'
Diffstat (limited to 'src/git/protocol.rs')
0 files changed, 0 insertions, 0 deletions