Merge pull request #309424 from NixOS/ReadWriteDirectories-ReadWritePaths

nixos/{zoneminder,caddy,traefik}: ReadWriteDirectories -> ReadWritePaths
2024-05-07 01:13:06 +02:00 · 2024-05-07 01:13:06 +02:00 · 8907c1017d
commit 8907c1017d
parent e1b75a40d9 9d7a729277
4 changed files with 5 additions and 4 deletions
--- a/nixos/modules/services/misc/zoneminder.nix
+++ b/nixos/modules/services/misc/zoneminder.nix
@ -350,7 +350,7 @@ in {
          RestartSec = "10s";
          CacheDirectory = dirs cacheDirs;
          RuntimeDirectory = dirName;
-          ReadWriteDirectories = lib.mkIf useCustomDir [ cfg.storageDir ];
+          ReadWritePaths = lib.mkIf useCustomDir [ cfg.storageDir ];
          StateDirectory = dirs (lib.optionals (!useCustomDir) libDirs);
          LogsDirectory = dirName;
          PrivateTmp = true;
--- a/nixos/modules/services/security/step-ca.nix
+++ b/nixos/modules/services/security/step-ca.nix
@ -107,7 +107,7 @@ in
          UMask = "0077";
          Environment = "HOME=%S/step-ca";
          WorkingDirectory = ""; # override upstream
-          ReadWriteDirectories = ""; # override upstream
+          ReadWritePaths = ""; # override upstream

          # LocalCredential handles file permission problems arising from the use of DynamicUser.
          LoadCredential = "intermediate_password:${cfg.intermediatePasswordFile}";
--- a/nixos/modules/services/web-servers/caddy/default.nix
+++ b/nixos/modules/services/web-servers/caddy/default.nix
@ -360,6 +360,7 @@ in
      serviceConfig = let
        runOptions = ''--config ${configPath} ${optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"}'';
      in {
+        # Override the `ExecStart` line from upstream's systemd unit file by our own:
        # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
        # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
        ExecStart = [ "" ''${cfg.package}/bin/caddy run ${runOptions} ${optionalString cfg.resume "--resume"}'' ];
@ -367,7 +368,7 @@ in
        ExecReload = [ "" ''${cfg.package}/bin/caddy reload ${runOptions} --force'' ];
        User = cfg.user;
        Group = cfg.group;
-        ReadWriteDirectories = cfg.dataDir;
+        ReadWritePaths = [ cfg.dataDir ];
        StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ];
        LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ];
        Restart = "on-failure";
--- a/nixos/modules/services/web-servers/traefik.nix
+++ b/nixos/modules/services/web-servers/traefik.nix
@ -170,7 +170,7 @@ in {
        PrivateDevices = true;
        ProtectHome = true;
        ProtectSystem = "full";
-        ReadWriteDirectories = cfg.dataDir;
+        ReadWritePaths = [ cfg.dataDir ];
        RuntimeDirectory = "traefik";
      };
    };