use tmpfiles for file permission
This commit is contained in:
parent
e72f2c6375
commit
64d6abda88
1 changed files with 13 additions and 11 deletions
|
@ -4,28 +4,30 @@ with lib; {
|
|||
networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
|
||||
|
||||
clanCore.facts.services.syncthing = factsGenerator.syncthing { };
|
||||
tmpfiles.settings.syncthing.d = {
|
||||
"/run/facts/syncthing" = {
|
||||
type = "d";
|
||||
user = config.services.syncthing.user;
|
||||
group = config.services.syncthing.group;
|
||||
mode = "400";
|
||||
};
|
||||
"/run/facts/syncthing.key" = {
|
||||
|
||||
# todo : use tmpfiles.rules
|
||||
systemd.tmpfiles.settings.syncthing = {
|
||||
"/run/facts/syncthing.key".C = {
|
||||
type = "C";
|
||||
user = config.services.syncthing.user;
|
||||
group = config.services.syncthing.group;
|
||||
mode = "400";
|
||||
argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
|
||||
};
|
||||
"/run/facts/syncthing.cert".C = {
|
||||
type = "C";
|
||||
user = config.services.syncthing.user;
|
||||
group = config.services.syncthing.group;
|
||||
mode = "400";
|
||||
argument = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
|
||||
};
|
||||
};
|
||||
|
||||
services.syncthing = {
|
||||
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
|
||||
overrideDevices = lib.mkDefault true;
|
||||
key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
|
||||
cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
|
||||
|
||||
key = "/run/facts/syncthing.key";
|
||||
cert = "/run/facts/syncthing.cert";
|
||||
settings.devices =
|
||||
let
|
||||
machineDir = "${config.clanCore.clanDir}/machines";
|
||||
|
|
Loading…
Reference in a new issue