nixos/conduit: improve state directory permissions

Allow only the conduit user to access its database files, and make sure
to create all new files with 0600 (u=rw).
Martin Weinelt 2023-07-25 16:54:39 +02:00
parent 7ce0abe77d
commit 18733782ad
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759


@ -138,10 +138,12 @@ in
"~@privileged"
];
StateDirectory = "matrix-conduit";
StateDirectoryMode = "0700";
ExecStart = "${cfg.package}/bin/conduit";
Restart = "on-failure";
RestartSec = 10;
StartLimitBurst = 5;
UMask = "077";
};
};
};
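Review bot: `UMask = "077";` only governs files created after this change, so database files already written under the previous umask keep their old mode bits. For those files the only barrier is `StateDirectoryMode = "0700";` on the parent directory, and that barrier is lost if the directory is copied or restored elsewhere with modes preserved. I would add a comment above `StateDirectoryMode`, for example `# Existing files keep their old modes; the 0700 directory is what shields them.`, and mention in the release notes that operators may want to tighten existing files once. Which two lines are new is inferred from the commit message, because the page has lost its +/- markers. The serviceConfig attribute set starts outside the hunk.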