nixos/modules/security/acme/default.nix +4 −4 @@ -26,8 +26,8 @@ let Type = "oneshot"; User = user; Group = mkDefault "acme"; UMask = 0022; StateDirectoryMode = 750; UMask = "0022"; StateDirectoryMode = "750"; ProtectSystem = "strict"; ReadWritePaths = [ "/var/lib/acme" @@ -85,7 +85,7 @@ let serviceConfig = commonServiceConfig // { StateDirectory = "acme/.minica"; BindPaths = "/var/lib/acme/.minica:/tmp/ca"; UMask = 0077; UMask = "0077"; }; # Working directory will be /tmp @@ -243,7 +243,7 @@ let serviceConfig = commonServiceConfig // { Group = data.group; UMask = 0027; UMask = "0027"; StateDirectory = "acme/${cert}";
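Review bot: In the first hunk of acme/default.nix, `StateDirectoryMode = "750";` omits the leading zero that the other quoted modes on this page carry (`"0750"` in journalwatch.nix, `"0700"` in geoipupdate.nix); systemd parses the value as octal either way, but `StateDirectoryMode = "0750";` would keep the modes uniform and unambiguous to readers. The same hunk keeps `UMask = "0022"` as the default in commonServiceConfig, so a unit built from it that does not override UMask would create world-readable files beneath /var/lib/acme, gated only by the directory mode. The two later hunks do override it (`"0077"`, `"0027"`), so a comment such as `# permissive default; units that write key material must override UMask` would make that expectation explicit. The let-block continues outside all three hunks, so other consumers of commonServiceConfig are not visible here.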
nixos/modules/services/logging/journalwatch.nix +1 −1 @@ -239,7 +239,7 @@ in { Type = "oneshot"; # requires a relative directory name to create beneath /var/lib StateDirectory = user; StateDirectoryMode = 0750; StateDirectoryMode = "0750"; ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail"; # lowest CPU and IO priority, but both still in best-effort class to prevent starvation Nice=19;
nixos/modules/services/matrix/appservice-discord.nix +1 −1 @@ -137,7 +137,7 @@ in { PrivateTmp = true; WorkingDirectory = appDir; StateDirectory = baseNameOf dataDir; UMask = 0027; UMask = "0027"; EnvironmentFile = cfg.environmentFile; ExecStart = ''
nixos/modules/services/matrix/mautrix-telegram.nix +1 −1 @@ -162,7 +162,7 @@ in { PrivateTmp = true; WorkingDirectory = pkgs.mautrix-telegram; # necessary for the database migration scripts to be found StateDirectory = baseNameOf dataDir; UMask = 0027; UMask = "0027"; EnvironmentFile = cfg.environmentFile; ExecStart = ''
nixos/modules/services/misc/geoipupdate.nix +1 −1 @@ -183,7 +183,7 @@ in DynamicUser = true; ReadWritePaths = cfg.settings.DatabaseDirectory; RuntimeDirectory = "geoipupdate"; RuntimeDirectoryMode = 0700; RuntimeDirectoryMode = "0700"; CapabilityBoundingSet = ""; PrivateDevices = true; PrivateMounts = true;