Patch to prevent chmod

This commit is contained in:
Greg Shuflin 2022-09-20 00:43:58 -07:00
parent 34f6eb90d7
commit aa7bbb4bad

View File

@ -367,9 +367,10 @@ in {
proto.sam.enable = true;
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
];
# Commented out to avoid trying to chown the nfs-mounted directory
# systemd.tmpfiles.rules = [
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
# ];
systemd.services.bitcoind = {
# Use `wants` instead of `requires` so that bitcoind and all dependent services
@ -412,9 +413,9 @@ in {
'';
# Enable RPC access for group
postStart = ''
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
'';
# postStart = ''
# chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
# '';
serviceConfig = nbLib.defaultHardening // {
Type = "notify";
@ -426,7 +427,8 @@ in {
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
Restart = "on-failure";
UMask = mkIf cfg.dataDirReadableByGroup "0027";
ReadWritePaths = [ cfg.dataDir ];
#ReadWritePaths = [ cfg.dataDir ];
ReadWritePaths = [ "/dummy" ];
} // nbLib.allowedIPAddresses cfg.tor.enforce
// optionalAttrs zmqServerEnabled nbLib.allowNetlink;
};