From 9ee5d83b7a938fd53c943734a6c0c1453b8a97ba Mon Sep 17 00:00:00 2001 From: Greg Shuflin Date: Tue, 20 Sep 2022 00:43:58 -0700 Subject: [PATCH] Patch to prevent chmod --- modules/bitcoind.nix | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix index c01e666..c08746c 100644 --- a/modules/bitcoind.nix +++ b/modules/bitcoind.nix @@ -367,9 +367,10 @@ in { proto.sam.enable = true; }; - systemd.tmpfiles.rules = [ - "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" - ]; + # Commented out to avoid trying to chown the nfs-mounted directory + # systemd.tmpfiles.rules = [ + # "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" + # ]; systemd.services.bitcoind = { # Use `wants` instead of `requires` so that bitcoind and all dependent services @@ -412,9 +413,9 @@ in { ''; # Enable RPC access for group - postStart = '' - chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie' - ''; + # postStart = '' + # chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie' + # ''; serviceConfig = nbLib.defaultHardening // { Type = "notify"; @@ -426,7 +427,7 @@ in { ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'"; Restart = "on-failure"; UMask = mkIf cfg.dataDirReadableByGroup "0027"; - ReadWritePaths = [ cfg.dataDir ]; + #ReadWritePaths = [ cfg.dataDir ]; } // nbLib.allowedIPAddresses cfg.tor.enforce // optionalAttrs zmqServerEnabled nbLib.allowNetlink; };