Give read permissions to restricted postgres service in module

2025-11-22 02:41:35 +01:00 · 2025-01-03 17:28:02 +01:00
parent dd59e995e8
commit f0ebb94d82
2 changed files with 11 additions and 4 deletions
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -162,7 +162,6 @@ in
          Group = cfg.group;
          Restart = "always";
          WorkingDirectory = "${cfg.package}/rest-api";
-
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
@@ -208,7 +207,6 @@ in
          Group = cfg.group;
          Restart = "always";
          WorkingDirectory = "${cfg.package}/web-app";
-
          RestrictAddressFamilies = [
            "AF_INET"
            "AF_INET6"
@@ -236,8 +234,13 @@ in
        extensions = ps: with ps; [ pgjwt ];
      };

-      systemd.services.postgresql.path = builtins.attrValues {
-        inherit (pkgs) gnutar gzip;
+      systemd.services.postgresql = {
+        path = builtins.attrValues {
+          inherit (pkgs) gnutar gzip;
+        };
+        serviceConfig = {
+          ReadWritePaths = [ "/var/www/archtika-websites" ];
+        };
      };

      services.nginx = {