diff options
author | Benjamin Staffin <benley@gmail.com> | 2023-06-28 10:48:25 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-28 10:48:25 -0400 |
commit | 211d94d70b8eb1f5b689dfda13d3da45e19ad64e (patch) | |
tree | 5a13f99c0a3ac6f8561b4cb8e98c6da27ed9a36a /nixos/modules/services/misc/paperless.nix | |
parent | e9782f715dd40e35476f2723fb1b7c232288c6b7 (diff) | |
download | nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.gz nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.bz2 nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.lz nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.xz nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.tar.zst nixpkgs-211d94d70b8eb1f5b689dfda13d3da45e19ad64e.zip |
nixos/paperless: Enable UMask now that it works (#240010)
According to https://github.com/NixOS/nixpkgs/issues/147599#issuecomment-1272286679 the bug that prevented this UMask directive from working has been fixed in systemd, so it should be safe to use now. This stops paperless-ngx from making everything world-readable on disk, but it does not change permissions of any files previously created.
Diffstat (limited to 'nixos/modules/services/misc/paperless.nix')
-rw-r--r-- | nixos/modules/services/misc/paperless.nix | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix index 7d371c60528..8fe628a4088 100644 --- a/nixos/modules/services/misc/paperless.nix +++ b/nixos/modules/services/misc/paperless.nix @@ -86,8 +86,7 @@ let SupplementaryGroups = optional enableRedis redisServer.user; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; - # Does not work well with the temporary root - #UMask = "0066"; + UMask = "0066"; }; in { |