nixos/acme: Set /var/lib/acme permissions to 755

It was being created with the default home permissions of 700, and then set to 755 at runtime by something either some script or systemd as part of service startup. It worked fine without sysusers, but when it's enabed with: systemd.sysusers.enable = true; systemd-tmpfiles is resetting permissions on each activation, which breaks, for example, nginx reload, because it cannot load certificates anymore, because it doesn't have any access to `/var/lib/acme`. Fix this by setting `homeMode = "755";` explicitely so that it's set to the final value from the beginning.
2024-11-04 15:49:57 +01:00 · 2024-11-04 15:49:57 +01:00 · 64a6e8292a
commit 64a6e8292a
parent 4a5e52829b
1 changed files with 1 additions and 0 deletions
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@ -968,6 +968,7 @@ in {

      users.users.acme = {
        home = "/var/lib/acme";
+        homeMode = "755";
        group = "acme";
        isSystemUser = true;
      };