From 2b003c0269a9e7d09bccee3b8c1a055a0d11e354 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Sat, 16 Mar 2024 23:39:31 +0100
Subject: [PATCH] nixos/pretix: make state directory world-readable

Pretix creates static files in its state directory, that nginx needs to serve, so locking down the permissions that hard is not going to work.
---
 nixos/modules/services/web-apps/pretix.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/web-apps/pretix.nix b/nixos/modules/services/web-apps/pretix.nix
index 65e658d474eb..500b2eb5416b 100644
--- a/nixos/modules/services/web-apps/pretix.nix
+++ b/nixos/modules/services/web-apps/pretix.nix
@@ -468,6 +468,7 @@ in
 StateDirectory = [ "pretix" ];
+ StateDirectoryMode = "0755";
 CacheDirectory = "pretix";
 LogsDirectory = "pretix";
 WorkingDirectory = cfg.settings.pretix.datadir;
@@ -506,7 +507,7 @@ in
 "~@privileged" "@chown" ];
- UMask = "0077";
+ UMask = "0022";
 };
 };
 in {
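Review bot: `StateDirectoryMode = "0755";` lets every local account list and enter the state directory, while the commit message only requires that nginx can read the static files Pretix generates there. If the directory also holds uploads or other non-public data (not visible in this hunk), a narrower grant would be `StateDirectoryMode = "0750";` with the nginx user added to the service's group. If world-readable access is intended, a comment above the line such as `# nginx serves the generated static files from here` would record why the hardening was relaxed. The surrounding attribute set starts and ends outside the hunk.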
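Review bot: `UMask = "0022";` applies to every file the service creates, not only the static files nginx serves, so new files under `LogsDirectory` and `CacheDirectory` (set in the first hunk, with no mode override visible) also become readable by other local users. `UMask = "0027";` would still give group members read access, or the two directories can be closed off with `LogsDirectoryMode = "0750";` and `CacheDirectoryMode = "0750";`. The enclosing attribute set begins outside the hunk and, judging by the trailing `in {`, may be shared by several units, in which case the wider umask reaches all of them.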