nixos: Add non-default storage path to ReadWritePaths
This prevents "read-only storage" errors when setting a non-default
local storage path. The non-default path must exist beforehand.

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
icewind1991 and zhaofengli committed Jan 11, 2024
1 parent e6bedf1 commit b0765f6
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions nixos/atticd.nix
Expand Up @@ -203,6 +203,10 @@ in
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
ReadWritePaths = let
path = cfg.settings.storage.path;
isDefaultStateDirectory = path == "/var/lib/atticd" || lib.hasPrefix "/var/lib/atticd/" path;
in lib.optionals (cfg.settings.storage.type or "" == "local" && isDefaultStateDirectory) [ path ];
};
};
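Review bot: The guard on the last added line looks inverted relative to the commit message. `lib.optionals (cfg.settings.storage.type or "" == "local" && isDefaultStateDirectory) [ path ]` yields `[ path ]` only when the path is `/var/lib/atticd` or sits under `/var/lib/atticd/`, so a non-default local storage path still produces an empty ReadWritePaths and the "read-only storage" error the message describes would remain. Suggest negating the test (`&& !isDefaultStateDirectory`), or renaming the binding to match what it is meant to select. Since the message says the non-default path must exist beforehand, a short comment next to ReadWritePaths stating that requirement would save users from finding it out at unit start.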
