use tmpfiles for file permission

This commit is contained in:
Ingolf Wagner 2024-06-04 09:13:35 +02:00
parent e72f2c6375
commit 64d6abda88
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B

View file

@ -4,28 +4,30 @@ with lib; {
networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
clanCore.facts.services.syncthing = factsGenerator.syncthing { };
tmpfiles.settings.syncthing.d = {
"/run/facts/syncthing" = {
type = "d";
user = config.services.syncthing.user;
group = config.services.syncthing.group;
mode = "400";
};
"/run/facts/syncthing.key" = {
# todo : use tmpfiles.rules
systemd.tmpfiles.settings.syncthing = {
"/run/facts/syncthing.key".C = {
type = "C";
user = config.services.syncthing.user;
group = config.services.syncthing.group;
mode = "400";
argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
};
"/run/facts/syncthing.cert".C = {
type = "C";
user = config.services.syncthing.user;
group = config.services.syncthing.group;
mode = "400";
argument = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
};
};
services.syncthing = {
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
overrideDevices = lib.mkDefault true;
key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
key = "/run/facts/syncthing.key";
cert = "/run/facts/syncthing.cert";
settings.devices =
let
machineDir = "${config.clanCore.clanDir}/machines";