From 72d6d73e3750b6ec4dfffeb05eb0688d6358aeab Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Wed, 30 Mar 2022 01:42:00 +0200
Subject: nixos/ipfs: Only set ReadWritePaths when hardened

Co-authored-by: Luflosi <Luflosi@users.noreply.github.com>
---
 nixos/modules/services/network-filesystems/ipfs.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos/modules/services/network-filesystems/ipfs.nix')

diff --git a/nixos/modules/services/network-filesystems/ipfs.nix b/nixos/modules/services/network-filesystems/ipfs.nix
index 7e96179b3ca..f63debe13ac 100644
--- a/nixos/modules/services/network-filesystems/ipfs.nix
+++ b/nixos/modules/services/network-filesystems/ipfs.nix
@@ -280,7 +280,7 @@ in
         User = cfg.user;
         Group = cfg.group;
         StateDirectory = "";
-        ReadWritePaths = [ "" cfg.dataDir ];
+        ReadWritePaths = optionals (!cfg.autoMount) [ "" cfg.dataDir ];
       } // optionalAttrs (cfg.serviceFdlimit != null) { LimitNOFILE = cfg.serviceFdlimit; };
     } // optionalAttrs (!cfg.startWhenNeeded) {
       wantedBy = [ "default.target" ];
-- 
cgit 1.4.1