Patch to prevent chmod
This commit is contained in:
parent
34f6eb90d7
commit
6a7631f228
@ -367,9 +367,10 @@ in {
|
||||
proto.sam.enable = true;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
# Commented out to avoid trying to chown the nfs-mounted directory
|
||||
# systemd.tmpfiles.rules = [
|
||||
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||
# ];
|
||||
|
||||
systemd.services.bitcoind = {
|
||||
# Use `wants` instead of `requires` so that bitcoind and all dependent services
|
||||
@ -412,9 +413,9 @@ in {
|
||||
'';
|
||||
|
||||
# Enable RPC access for group
|
||||
postStart = ''
|
||||
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
||||
'';
|
||||
# postStart = ''
|
||||
# chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
||||
# '';
|
||||
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
Type = "notify";
|
||||
@ -426,7 +427,8 @@ in {
|
||||
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
||||
Restart = "on-failure";
|
||||
UMask = mkIf cfg.dataDirReadableByGroup "0027";
|
||||
ReadWritePaths = [ cfg.dataDir ];
|
||||
ReadWritePaths = [ cfg.dataDir "/fake-dir"];
|
||||
#ReadWritePaths = [ "/dummy" ];
|
||||
} // nbLib.allowedIPAddresses cfg.tor.enforce
|
||||
// optionalAttrs zmqServerEnabled nbLib.allowNetlink;
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user