summary refs log tree commit diff
path: root/nixos/modules/services/misc/paperless.nix
diff options
context:
space:
mode:
authorBenjamin Staffin <benley@gmail.com>2023-06-28 10:48:25 -0400
committerGitHub <noreply@github.com>2023-06-28 10:48:25 -0400
commit211d94d70b8eb1f5b689dfda13d3da45e19ad64e (patch)
tree5a13f99c0a3ac6f8561b4cb8e98c6da27ed9a36a /nixos/modules/services/misc/paperless.nix
parente9782f715dd40e35476f2723fb1b7c232288c6b7 (diff)
downloadnixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar
nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.gz
nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.bz2
nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.lz
nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.xz
nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.zst
nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.zip
nixos/paperless: Enable UMask now that it works (#240010)
According to
https://github.com/NixOS/nixpkgs/issues/147599#issuecomment-1272286679
the bug that prevented this UMask directive from working has been fixed
in systemd, so it should be safe to use now.

This stops paperless-ngx from making everything world-readable on disk,
but it does not change permissions of any files previously created.
Diffstat (limited to 'nixos/modules/services/misc/paperless.nix')
-rw-r--r--nixos/modules/services/misc/paperless.nix3
1 files changed, 1 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix
index 7d371c60528..8fe628a4088 100644
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
@@ -86,8 +86,7 @@ let
     SupplementaryGroups = optional enableRedis redisServer.user;
     SystemCallArchitectures = "native";
     SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
-    # Does not work well with the temporary root
-    #UMask = "0066";
+    UMask = "0066";
   };
 in
 {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-22 00:14:55 +0000