mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 04:58:44 +08:00
fix tmpfiles permission
parent
2d8c36d108
commit
b861d7bfb9
@ -77,7 +77,10 @@ inputs:
|
||||
};
|
||||
};
|
||||
tmpfiles.rules =
|
||||
let perm = "/var/lib/fz-new-order 0700 fz-new-order fz-new-order"; in [ "d ${perm}" "Z ${perm}" ];
|
||||
[
|
||||
"d /var/lib/fz-new-order 0700 fz-new-order fz-new-order"
|
||||
"Z /var/lib/fz-new-order - fz-new-order fz-new-order"
|
||||
];
|
||||
};
|
||||
sops = let userNum = 6; configNum = 2; in
|
||||
{
|
||||
|
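Review bot: The two rules now do different jobs and nothing in the file says so: the `d` line carries the 0700 mode for the top directory only, while the `Z` line with `-` in the mode field recurses to fix ownership and leaves every existing mode alone. I would add a comment above the list such as `# d: create/enforce 0700 on the directory itself; Z with mode "-": recursive chown only, modes below are left untouched`, and the same comment fits the other `tmpfiles.rules` changed in this commit. One consequence worth knowing: on hosts where the old `Z … 0700` rule has already run, files in the tree presumably still carry 0700 (including the execute bit), and the new rule will not reset them. The surrounding attribute set starts and ends outside the hunk.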
@ -20,7 +20,7 @@ inputs:
|
||||
(user:
|
||||
[
|
||||
"d /var/lib/groupshare/${user} 2750 ${user} groupshare"
|
||||
"Z /var/lib/groupshare/${user} 2750 ${user} groupshare"
|
||||
"Z /var/lib/groupshare/${user} - ${user} groupshare"
|
||||
("A /var/lib/groupshare/${user} - - - - "
|
||||
# d 指 default, 即目录下新创建的文件和目录的权限
|
||||
# 大写 X 指仅给目录执行权限
|
||||
|
@ -40,6 +40,6 @@ inputs:
|
||||
};
|
||||
secrets."httpapi/token" = {};
|
||||
};
|
||||
systemd.tmpfiles.rules = let perm = "/srv/api 0700 nginx nginx"; in [ "d ${perm}" "Z ${perm}" ];
|
||||
systemd.tmpfiles.rules = [ "d /srv/api 0700 nginx nginx" "Z /srv/api - nginx nginx" ];
|
||||
};
|
||||
}
|
||||
|
@ -78,9 +78,9 @@ inputs:
|
||||
let
|
||||
user = instance.value.user;
|
||||
group = inputs.config.users.users.${instance.value.user}.group;
|
||||
perm = "/var/lib/meilisearch/${instance.name} 0700 ${user} ${group}";
|
||||
dir = "/var/lib/meilisearch/${instance.name}";
|
||||
in
|
||||
[ "d ${perm}" "Z ${perm}" ])
|
||||
[ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
|
||||
(attrsToList meilisearch.instances));
|
||||
};
|
||||
sops =
|
||||
|
@ -37,8 +37,8 @@ inputs:
|
||||
})
|
||||
[ "ng01" "beta" ]);
|
||||
tmpfiles.rules = concatLists (map
|
||||
(perm: [ "d ${perm}" "Z ${perm}" ])
|
||||
(map (dir: "/srv/${dir}mirism 0700 nginx nginx") [ "" "entry." ]));
|
||||
(dir: [ "d /srv/${dir}mirism 0700 nginx nginx" "Z /srv/${dir}mirism - nginx nginx" ])
|
||||
[ "" "entry." ]);
|
||||
};
|
||||
nixos.services =
|
||||
{
|
||||
|
@ -48,9 +48,8 @@ inputs:
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
tmpfiles.rules =
|
||||
let perm = "/var/lib/misskey/${instance.name}/files 0700 misskey-${instance.name} misskey-${instance.name}";
|
||||
in [ "d ${perm}" "Z ${perm}" ];
|
||||
tmpfiles.rules = let dir = "/var/lib/misskey/${instance.name}/files"; owner = "misskey-${instance.name}"; in
|
||||
[ "d ${dir} 0700 ${owner} ${owner}" "Z ${dir} - ${owner} ${owner}" ];
|
||||
})
|
||||
(attrsToList misskey.instances));
|
||||
fileSystems = mkMerge (map
|
||||
|
@ -12,6 +12,6 @@ inputs:
|
||||
{
|
||||
nixos.services.nginx.https."blog.chn.moe".location."/".static =
|
||||
{ root = "/srv/blog"; index = [ "index.html" ]; };
|
||||
systemd.tmpfiles.rules = let perm = "/srv/blog 0700 nginx nginx"; in [ "d ${perm}" "Z ${perm}" ];
|
||||
systemd.tmpfiles.rules = [ "d /srv/blog 0700 nginx nginx" "Z /srv/blog - nginx nginx" ];
|
||||
};
|
||||
}
|
||||
|
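Review bot: The new `Z /srv/blog - nginx nginx` rule still hands the whole static web root to the account that serves it, so a compromised nginx worker could rewrite the published pages; the same pattern is in the `/srv/catalog` and `/srv/kkmeeting` sections. If nginx only reads this tree, consider root ownership with group read, e.g. `"d /srv/blog 0750 root nginx"` and `"Z /srv/blog - root nginx"`; since `-` leaves modes alone, the deployed files would then need group-read bits of their own. I cannot see from the hunk how content is deployed, so this may be intentional.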
@ -12,6 +12,6 @@ inputs:
|
||||
{
|
||||
nixos.services.nginx.https."catalog.chn.moe".location."/".static =
|
||||
{ root = "/srv/catalog"; index = [ "index.html" ]; };
|
||||
systemd.tmpfiles.rules = let perm = "/srv/catalog 0700 nginx nginx"; in [ "d ${perm}" "Z ${perm}" ];
|
||||
systemd.tmpfiles.rules = [ "d /srv/catalog 0700 nginx nginx" "Z /srv/catalog - nginx nginx" ];
|
||||
};
|
||||
}
|
||||
|
@ -13,6 +13,6 @@ inputs:
|
||||
{
|
||||
nixos.services.nginx.https.${kkmeeting.hostname}.location."/".static =
|
||||
{ root = "/srv/kkmeeting"; index = "auto"; charset = "utf-8"; };
|
||||
systemd.tmpfiles.rules = let perm = "/srv/kkmeeting 0700 nginx nginx"; in [ "d ${perm}" "Z ${perm}" ];
|
||||
systemd.tmpfiles.rules = [ "d /srv/kkmeeting 0700 nginx nginx" "Z /srv/kkmeeting - nginx nginx" ];
|
||||
};
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ inputs:
|
||||
systemd = mkMerge (map
|
||||
(site:
|
||||
{
|
||||
tmpfiles.rules = let perm = "${site.path} 0700 nginx nginx"; in [ "d ${perm}" "Z ${perm}" ];
|
||||
tmpfiles.rules = [ "d ${site.path} 0700 nginx nginx" "Z ${site.path} - nginx nginx" ];
|
||||
services.nginx.serviceConfig.ReadWritePaths = [ site.path ];
|
||||
})
|
||||
(attrValues instances));
|
||||
|
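Review bot: `Z ${site.path} - nginx nginx` runs a recursive chown as root on a path taken from configuration, and the next line also grants nginx write access to it through `ReadWritePaths`; nothing visible here constrains `site.path`. A mistyped or overly broad value (a parent directory shared with other services, for instance) would hand that whole tree to nginx at the next tmpfiles run. Consider guarding it with an assertion in this module, e.g. `assertions = [{ assertion = hasPrefix "/srv/" site.path; message = "site.path must be under /srv"; }];`, with the prefix adjusted to wherever sites are meant to live. The `map` body continues outside the hunk.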