Merge pull request #49 from icewind1991/module-readwritepaths

nixos: add storage path to ReadWritePaths
2024-12-14 11:57:30 +00:00 · 2024-01-18 15:30:49 -07:00 · 2024-01-18 15:30:49 -07:00 · a7c878bffc
commit a7c878bffc
parent e6bedf1869 c98be70263
1 changed files with 4 additions and 0 deletions
--- a/nixos/atticd.nix
+++ b/nixos/atticd.nix
@ -203,6 +203,10 @@ in
          RestrictNamespaces = true;
          RestrictRealtime = true;
          RestrictSUIDSGID = true;
+          ReadWritePaths = let
+            path = cfg.settings.storage.path;
+            isDefaultStateDirectory = path == "/var/lib/atticd" || lib.hasPrefix "/var/lib/atticd/" path;
+          in lib.optionals (cfg.settings.storage.type or "" == "local" && !isDefaultStateDirectory) [ path ];
        };
      };