From aa7bbb4bad3bffa9605cb27f52ccd84a7dfaf7c0 Mon Sep 17 00:00:00 2001 From: Greg Shuflin Date: Tue, 20 Sep 2022 00:43:58 -0700 Subject: [PATCH] Patch to prevent chmod --- modules/bitcoind.nix | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix index c01e666..23cb6d6 100644 --- a/modules/bitcoind.nix +++ b/modules/bitcoind.nix @@ -367,9 +367,10 @@ in { proto.sam.enable = true; }; - systemd.tmpfiles.rules = [ - "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" - ]; + # Commented out to avoid trying to chown the nfs-mounted directory + # systemd.tmpfiles.rules = [ + # "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" + # ]; systemd.services.bitcoind = { # Use `wants` instead of `requires` so that bitcoind and all dependent services @@ -412,9 +413,9 @@ in { ''; # Enable RPC access for group - postStart = '' - chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie' - ''; + # postStart = '' + # chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie' + # ''; serviceConfig = nbLib.defaultHardening // { Type = "notify"; @@ -426,7 +427,8 @@ in { ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'"; Restart = "on-failure"; UMask = mkIf cfg.dataDirReadableByGroup "0027"; - ReadWritePaths = [ cfg.dataDir ]; + #ReadWritePaths = [ cfg.dataDir ]; + ReadWritePaths = [ "/dummy" ]; } // nbLib.allowedIPAddresses cfg.tor.enforce // optionalAttrs zmqServerEnabled nbLib.allowNetlink; };