thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 10:51:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Give read permissions to restricted postgres service in module

Browse Source
This commit is contained in:
thiloho
2025-01-03 17:28:02 +01:00
parent dd59e995e8
commit f0ebb94d82
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nix/dev-vm.nix
View File

@@ -109,6 +109,10 @@
gnutar gnutar
gzip gzip
]; ];
serviceConfig = {
ReadWritePaths = [ "/var/www/archtika-websites" ];
};
}; };
services.getty.autologinUser = "dev"; services.getty.autologinUser = "dev";

11
nix/module.nix
View File

@@ -162,7 +162,6 @@ in
Group = cfg.group; Group = cfg.group;
Restart = "always"; Restart = "always";
WorkingDirectory = "${cfg.package}/rest-api"; WorkingDirectory = "${cfg.package}/rest-api";
RestrictAddressFamilies = [ RestrictAddressFamilies = [
"AF_INET" "AF_INET"
"AF_INET6" "AF_INET6"
@@ -208,7 +207,6 @@ in
Group = cfg.group; Group = cfg.group;
Restart = "always"; Restart = "always";
WorkingDirectory = "${cfg.package}/web-app"; WorkingDirectory = "${cfg.package}/web-app";
RestrictAddressFamilies = [ RestrictAddressFamilies = [
"AF_INET" "AF_INET"
"AF_INET6" "AF_INET6"
@@ -236,8 +234,13 @@ in
extensions = ps: with ps; [ pgjwt ]; extensions = ps: with ps; [ pgjwt ];
}; };
systemd.services.postgresql.path = builtins.attrValues { systemd.services.postgresql = {
inherit (pkgs) gnutar gzip; path = builtins.attrValues {
inherit (pkgs) gnutar gzip;
};
serviceConfig = {
ReadWritePaths = [ "/var/www/archtika-websites" ];
};
}; };
services.nginx = { services.nginx = {