From d30e3a923cccd713e1f17fb78f380099e58e6788 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Sun, 8 Dec 2024 17:32:16 +0100
Subject: fix(modules/ollama): Correctly set the mode of the `/var/lib/private`
 dir

---
 modules/by-name/ol/ollama/module.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'modules')

diff --git a/modules/by-name/ol/ollama/module.nix b/modules/by-name/ol/ollama/module.nix
index c93a0e7b..0c500aa7 100644
--- a/modules/by-name/ol/ollama/module.nix
+++ b/modules/by-name/ol/ollama/module.nix
@@ -11,15 +11,18 @@ in {
 
   config = lib.mkIf cfg.enable {
     soispha.impermanence.directories = [
+      # Set the mode to 700, so that it is private enough for systemd.
+      {
+        directory = "/var/lib/private";
+        mode = "700";
+      }
+
       # Ollama's systemd services tries to do create the directory under
       # `/var/lib/private/ollama` and then symlink `/var/lib/ollama` to that, when
       # `DynamicUsers` is true. Thus we need to persist the private directory and not the
       # resulting symlink one.
       # Relevant issue: https://github.com/nix-community/impermanence/issues/93
-      {
-        directory = "/var/lib/private/ollama";
-        mode = "700";
-      }
+      "/var/lib/private/ollama"
     ];
 
     services.ollama = {
-- 
cgit 1.4.1