nixos/typesense: disable MemoryDenyWriteExecute which is needed since 0.25.1

also adjust default state directory mode to allow typesense group
2024-09-24 22:27:30 +03:00 · 2023-09-23 16:37:23 +02:00 · 2023-09-23 16:37:23 +02:00 · 11d4f6e4a8
commit 11d4f6e4a8
parent 9edb077ace
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/services/search/typesense.nix
+++ b/nixos/modules/services/search/typesense.nix
@ -83,12 +83,12 @@ in {
        Group = "typesense";

        StateDirectory = "typesense";
-        StateDirectoryMode = "0700";
+        StateDirectoryMode = "0750";

        # Hardening
        CapabilityBoundingSet = "";
        LockPersonality = true;
-        MemoryDenyWriteExecute = true;
+        # MemoryDenyWriteExecute = true; needed since 0.25.1
        NoNewPrivileges = true;
        PrivateUsers = true;
        PrivateTmp = true;