mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-29 14:57:28 +03:00
nixos/conduit: improve state directory permissions
Allow only the conduit user to access its database files, and make sure to create all new files with 0600 (o+rw).
This commit is contained in:
parent
7ce0abe77d
commit
18733782ad
@ -138,10 +138,12 @@ in
|
|||||||
"~@privileged"
|
"~@privileged"
|
||||||
];
|
];
|
||||||
StateDirectory = "matrix-conduit";
|
StateDirectory = "matrix-conduit";
|
||||||
|
StateDirectoryMode = "0700";
|
||||||
ExecStart = "${cfg.package}/bin/conduit";
|
ExecStart = "${cfg.package}/bin/conduit";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
RestartSec = 10;
|
RestartSec = 10;
|
||||||
StartLimitBurst = 5;
|
StartLimitBurst = 5;
|
||||||
|
UMask = "077";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user