Patch to prevent chmod
This commit is contained in:
parent
34f6eb90d7
commit
aa7bbb4bad
@ -367,9 +367,10 @@ in {
|
|||||||
proto.sam.enable = true;
|
proto.sam.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
# Commented out to avoid trying to chown the nfs-mounted directory
|
||||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
# systemd.tmpfiles.rules = [
|
||||||
];
|
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
# ];
|
||||||
|
|
||||||
systemd.services.bitcoind = {
|
systemd.services.bitcoind = {
|
||||||
# Use `wants` instead of `requires` so that bitcoind and all dependent services
|
# Use `wants` instead of `requires` so that bitcoind and all dependent services
|
||||||
@ -412,9 +413,9 @@ in {
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
# Enable RPC access for group
|
# Enable RPC access for group
|
||||||
postStart = ''
|
# postStart = ''
|
||||||
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
# chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
||||||
'';
|
# '';
|
||||||
|
|
||||||
serviceConfig = nbLib.defaultHardening // {
|
serviceConfig = nbLib.defaultHardening // {
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
@ -426,7 +427,8 @@ in {
|
|||||||
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
UMask = mkIf cfg.dataDirReadableByGroup "0027";
|
UMask = mkIf cfg.dataDirReadableByGroup "0027";
|
||||||
ReadWritePaths = [ cfg.dataDir ];
|
#ReadWritePaths = [ cfg.dataDir ];
|
||||||
|
ReadWritePaths = [ "/dummy" ];
|
||||||
} // nbLib.allowedIPAddresses cfg.tor.enforce
|
} // nbLib.allowedIPAddresses cfg.tor.enforce
|
||||||
// optionalAttrs zmqServerEnabled nbLib.allowNetlink;
|
// optionalAttrs zmqServerEnabled nbLib.allowNetlink;
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user