From af4a43e36a697edbd108d3aabaacadfbe631b294 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Fri, 28 Oct 2022 17:23:44 +0200 Subject: treewide: convert fake octal ints to strings These were being cast to strings later and then reinterpreted as octal. --- nixos/modules/security/acme/default.nix | 8 ++++---- nixos/modules/services/logging/journalwatch.nix | 2 +- nixos/modules/services/matrix/appservice-discord.nix | 2 +- nixos/modules/services/matrix/mautrix-telegram.nix | 2 +- nixos/modules/services/misc/geoipupdate.nix | 2 +- nixos/modules/services/misc/mx-puppet-discord.nix | 2 +- nixos/modules/services/misc/rmfakecloud.nix | 2 +- nixos/modules/services/monitoring/parsedmarc.nix | 2 +- nixos/modules/services/web-apps/bookstack.nix | 2 +- nixos/modules/services/web-apps/discourse.nix | 4 ++-- nixos/modules/services/web-apps/keycloak.nix | 2 +- nixos/modules/services/web-apps/snipe-it.nix | 2 +- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 1c4a88954b6..4e163901b08 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -26,8 +26,8 @@ let Type = "oneshot"; User = user; Group = mkDefault "acme"; - UMask = 0022; - StateDirectoryMode = 750; + UMask = "0022"; + StateDirectoryMode = "750"; ProtectSystem = "strict"; ReadWritePaths = [ "/var/lib/acme" @@ -85,7 +85,7 @@ let serviceConfig = commonServiceConfig // { StateDirectory = "acme/.minica"; BindPaths = "/var/lib/acme/.minica:/tmp/ca"; - UMask = 0077; + UMask = "0077"; }; # Working directory will be /tmp @@ -243,7 +243,7 @@ let serviceConfig = commonServiceConfig // { Group = data.group; - UMask = 0027; + UMask = "0027"; StateDirectory = "acme/${cert}"; diff --git a/nixos/modules/services/logging/journalwatch.nix b/nixos/modules/services/logging/journalwatch.nix index a315da3ea0e..55e2d600ee4 100644 --- a/nixos/modules/services/logging/journalwatch.nix +++ b/nixos/modules/services/logging/journalwatch.nix @@ -239,7 +239,7 @@ in { Type = "oneshot"; # requires a relative directory name to create beneath /var/lib StateDirectory = user; - StateDirectoryMode = 0750; + StateDirectoryMode = "0750"; ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail"; # lowest CPU and IO priority, but both still in best-effort class to prevent starvation Nice=19; diff --git a/nixos/modules/services/matrix/appservice-discord.nix b/nixos/modules/services/matrix/appservice-discord.nix index 89b4bc98f49..15f0f0cc0cd 100644 --- a/nixos/modules/services/matrix/appservice-discord.nix +++ b/nixos/modules/services/matrix/appservice-discord.nix @@ -137,7 +137,7 @@ in { PrivateTmp = true; WorkingDirectory = appDir; StateDirectory = baseNameOf dataDir; - UMask = 0027; + UMask = "0027"; EnvironmentFile = cfg.environmentFile; ExecStart = '' diff --git a/nixos/modules/services/matrix/mautrix-telegram.nix b/nixos/modules/services/matrix/mautrix-telegram.nix index be220e05a52..8dda365a791 100644 --- a/nixos/modules/services/matrix/mautrix-telegram.nix +++ b/nixos/modules/services/matrix/mautrix-telegram.nix @@ -162,7 +162,7 @@ in { PrivateTmp = true; WorkingDirectory = pkgs.mautrix-telegram; # necessary for the database migration scripts to be found StateDirectory = baseNameOf dataDir; - UMask = 0027; + UMask = "0027"; EnvironmentFile = cfg.environmentFile; ExecStart = '' diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix index ad80d489243..27c1157e9a8 100644 --- a/nixos/modules/services/misc/geoipupdate.nix +++ b/nixos/modules/services/misc/geoipupdate.nix @@ -183,7 +183,7 @@ in DynamicUser = true; ReadWritePaths = cfg.settings.DatabaseDirectory; RuntimeDirectory = "geoipupdate"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; CapabilityBoundingSet = ""; PrivateDevices = true; PrivateMounts = true; diff --git a/nixos/modules/services/misc/mx-puppet-discord.nix b/nixos/modules/services/misc/mx-puppet-discord.nix index 33a6c8f26a9..36c9f8b122e 100644 --- a/nixos/modules/services/misc/mx-puppet-discord.nix +++ b/nixos/modules/services/misc/mx-puppet-discord.nix @@ -107,7 +107,7 @@ in { PrivateTmp = true; WorkingDirectory = pkgs.mx-puppet-discord; StateDirectory = baseNameOf dataDir; - UMask = 0027; + UMask = "0027"; ExecStart = '' ${pkgs.mx-puppet-discord}/bin/mx-puppet-discord \ diff --git a/nixos/modules/services/misc/rmfakecloud.nix b/nixos/modules/services/misc/rmfakecloud.nix index 25857c173b6..1cdfdeceabc 100644 --- a/nixos/modules/services/misc/rmfakecloud.nix +++ b/nixos/modules/services/misc/rmfakecloud.nix @@ -138,7 +138,7 @@ in { SystemCallArchitectures = "native"; WorkingDirectory = serviceDataDir; StateDirectory = baseNameOf serviceDataDir; - UMask = 0027; + UMask = "0027"; }; }; }; diff --git a/nixos/modules/services/monitoring/parsedmarc.nix b/nixos/modules/services/monitoring/parsedmarc.nix index 7618414d904..3540d91fc9f 100644 --- a/nixos/modules/services/monitoring/parsedmarc.nix +++ b/nixos/modules/services/monitoring/parsedmarc.nix @@ -494,7 +494,7 @@ in Group = "parsedmarc"; DynamicUser = true; RuntimeDirectory = "parsedmarc"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; CapabilityBoundingSet = ""; PrivateDevices = true; PrivateMounts = true; diff --git a/nixos/modules/services/web-apps/bookstack.nix b/nixos/modules/services/web-apps/bookstack.nix index 3fbccf54008..eeef7772776 100644 --- a/nixos/modules/services/web-apps/bookstack.nix +++ b/nixos/modules/services/web-apps/bookstack.nix @@ -372,7 +372,7 @@ in { User = user; WorkingDirectory = "${bookstack}"; RuntimeDirectory = "bookstack/cache"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; }; path = [ pkgs.replace-secret ]; script = diff --git a/nixos/modules/services/web-apps/discourse.nix b/nixos/modules/services/web-apps/discourse.nix index 66b22ec87db..9ad451f31f7 100644 --- a/nixos/modules/services/web-apps/discourse.nix +++ b/nixos/modules/services/web-apps/discourse.nix @@ -798,13 +798,13 @@ in "public" "sockets" ]; - RuntimeDirectoryMode = 0750; + RuntimeDirectoryMode = "0750"; StateDirectory = map (p: "discourse/" + p) [ "uploads" "backups" "tmp" ]; - StateDirectoryMode = 0750; + StateDirectoryMode = "0750"; LogsDirectory = "discourse"; TimeoutSec = "infinity"; Restart = "on-failure"; diff --git a/nixos/modules/services/web-apps/keycloak.nix b/nixos/modules/services/web-apps/keycloak.nix index da53d4ea76f..521cf778a36 100644 --- a/nixos/modules/services/web-apps/keycloak.nix +++ b/nixos/modules/services/web-apps/keycloak.nix @@ -616,7 +616,7 @@ in Group = "keycloak"; DynamicUser = true; RuntimeDirectory = "keycloak"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; }; script = '' diff --git a/nixos/modules/services/web-apps/snipe-it.nix b/nixos/modules/services/web-apps/snipe-it.nix index 802d67cdb8e..e0d2eb8c6ab 100644 --- a/nixos/modules/services/web-apps/snipe-it.nix +++ b/nixos/modules/services/web-apps/snipe-it.nix @@ -394,7 +394,7 @@ in { User = user; WorkingDirectory = snipe-it; RuntimeDirectory = "snipe-it/cache"; - RuntimeDirectoryMode = 0700; + RuntimeDirectoryMode = "0700"; }; path = [ pkgs.replace-secret ]; script = -- cgit 1.4.1