diff options
-rw-r--r-- | nixos/modules/services/misc/gitea.nix | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index 15aeb191f57..28609f8ec8a 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -162,6 +162,12 @@ in <manvolnum>7</manvolnum></citerefentry>. ''; }; + + backupDir = mkOption { + type = types.str; + default = "${cfg.stateDir}/dump"; + description = "Path to the dump files."; + }; }; appName = mkOption { @@ -357,6 +363,9 @@ in }; systemd.tmpfiles.rules = [ + "d '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -" + "z '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -" + "Z '${cfg.dump.backupDir}' - ${cfg.user} gitea - -" "d '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -" "z '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -" "Z '${cfg.repositoryRoot}' - ${cfg.user} gitea - -" @@ -448,7 +457,7 @@ in ProtectKernelTunables = true; ProtectKernelModules = true; ProtectControlGroups = true; - ReadWritePaths = [ cfg.repositoryRoot cfg.stateDir ]; + ReadWritePaths = [ cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir ]; UMask = "0027"; # Caps CapabilityBoundingSet = ""; @@ -513,7 +522,7 @@ in Type = "oneshot"; User = cfg.user; ExecStart = "${gitea}/bin/gitea dump"; - WorkingDirectory = cfg.stateDir; + WorkingDirectory = cfg.dump.backupDir; }; }; |