From 11d4f6e4a86e0c1493c57eccd4c2713648baa44f Mon Sep 17 00:00:00 2001
From: oddlama
Date: Sat, 23 Sep 2023 16:37:23 +0200
Subject: [PATCH] nixos/typesense: disable MemoryDenyWriteExecute which is needed since 0.25.1 also adjust default state directory mode to allow typesense group
---
 nixos/modules/services/search/typesense.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/services/search/typesense.nix b/nixos/modules/services/search/typesense.nix
index 856c3cad22df..c158d04fea23 100644
--- a/nixos/modules/services/search/typesense.nix
+++ b/nixos/modules/services/search/typesense.nix
@@ -83,12 +83,12 @@ in {
 Group = "typesense";
 StateDirectory = "typesense";
- StateDirectoryMode = "0700";
+ StateDirectoryMode = "0750";
 # Hardening
 CapabilityBoundingSet = "";
 LockPersonality = true;
- MemoryDenyWriteExecute = true;
+ # MemoryDenyWriteExecute = true; needed since 0.25.1
 NoNewPrivileges = true;
 PrivateUsers = true;
 PrivateTmp = true;
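Review bot: The new line `# MemoryDenyWriteExecute = true; needed since 0.25.1` reads as if the hardening option itself were needed, and commenting it out leaves the unit on systemd's default instead of stating the decision. I would write it explicitly as `# typesense >= 0.25.1 needs writable+executable mappings; re-enable once upstream no longer does` followed by `MemoryDenyWriteExecute = false;`, so a later hardening pass sees that W^X enforcement was dropped on purpose for a network-facing service and knows when it can be restored. Separately, `StateDirectoryMode = "0750"` lets every member of the `typesense` group read and traverse the state directory, which presumably holds the indexed data. A short comment naming which accounts are expected in that group would make the widened access reviewable. The `serviceConfig` block starts and ends outside this hunk, so the remaining sandbox options could not be checked here.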