| -rw-r--r-- | nix/module.nix | 5 |
1 files changed, 5 insertions, 0 deletions
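--- a/nix/module.nix
+++ b/nix/module.nix
@@ -459,7 +459,12 @@ in {
 
 # Create data directories with proper ownership using tmpfiles
 # This runs as root before the service starts
+# Note: Parent directories are created with root:root ownership (mode 0755)
+# to ensure the path exists, while dataDir itself gets proper service ownership
 systemd.tmpfiles.rules = flatten (mapAttrsToList (name: cfg: [
+# Create parent directories if they don't exist (root-owned, standard perms)
+"d ${dirOf cfg.dataDir} 0755 root root -"
+# Create service-owned directories
 "d ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} -"
 "d ${cfg.dataDir}/git 0750 ${cfg.user} ${cfg.group} -"
 "d ${cfg.dataDir}/relay 0750 ${cfg.user} ${cfg.group} -"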