summary refs log tree commit diff
path: root/nixos/modules/services/networking/unifi.nix
diff options
context:
space:
mode:
authorGraham Christensen <graham@grahamc.com>2019-06-25 18:04:22 -0400
committerGitHub <noreply@github.com>2019-06-25 18:04:22 -0400
commit38c28ef10c54bf4899d467854e893842cffb4de6 (patch)
treea4b38800f30b0c9d794715dc1c2c7f193570b011 /nixos/modules/services/networking/unifi.nix
parent880bc93fc0ad44ea5b973e532c338afeb70d2a71 (diff)
parentde6e5ea8152b29c975096d7d4b7d0938874ee37a (diff)
downloadnixpkgs-38c28ef10c54bf4899d467854e893842cffb4de6.tar
nixpkgs-38c28ef10c54bf4899d467854e893842cffb4de6.tar.gz
nixpkgs-38c28ef10c54bf4899d467854e893842cffb4de6.tar.bz2
nixpkgs-38c28ef10c54bf4899d467854e893842cffb4de6.tar.lz
nixpkgs-38c28ef10c54bf4899d467854e893842cffb4de6.tar.xz
nixpkgs-38c28ef10c54bf4899d467854e893842cffb4de6.tar.zst
nixpkgs-38c28ef10c54bf4899d467854e893842cffb4de6.zip
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
Diffstat (limited to 'nixos/modules/services/networking/unifi.nix')
-rw-r--r--nixos/modules/services/networking/unifi.nix11
1 files changed, 5 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix
index c82e0af2803..9057a1e12b3 100644
--- a/nixos/modules/services/networking/unifi.nix
+++ b/nixos/modules/services/networking/unifi.nix
@@ -146,6 +146,11 @@ in
         where = where;
       }) mountPoints;
 
+    systemd.tmpfiles.rules = [
+      "e '${stateDir}' 0700 unifi - - -"
+      "e '${stateDir}/data' 0700 unifi - - -"
+    ];
+
     systemd.services.unifi = {
       description = "UniFi controller daemon";
       wantedBy = [ "multi-user.target" ];
@@ -157,14 +162,9 @@ in
       environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib";
 
       preStart = ''
-        # Ensure privacy of state and data.
-        chown unifi "${stateDir}" "${stateDir}/data"
-        chmod 0700 "${stateDir}" "${stateDir}/data"
-
         # Create the volatile webapps
         rm -rf "${stateDir}/webapps"
         mkdir -p "${stateDir}/webapps"
-        chown unifi "${stateDir}/webapps"
         ln -s "${cfg.unifiPackage}/webapps/ROOT" "${stateDir}/webapps/ROOT"
       '';
 
@@ -177,7 +177,6 @@ in
         ExecStart = "${(removeSuffix "\n" cmd)} start";
         ExecStop = "${(removeSuffix "\n" cmd)} stop";
         User = "unifi";
-        PermissionsStartOnly = true;
         UMask = "0077";
         WorkingDirectory = "${stateDir}";
       };