diff options
| author | Soispha <soispha@vhack.eu> | 2023-07-04 18:36:42 +0200 |
|---|---|---|
| committer | Soispha <soispha@vhack.eu> | 2023-07-04 18:36:42 +0200 |
| commit | dd84945ae158eaa458fc8ce5558bb007ade012ce (patch) | |
| tree | 606a8e9e1b4f36d778fbdae44fbab169c6020e48 /system/services/nix-sync/default.nix | |
| parent | Fix(system/services/nix-sync): Add '/etc/nginx/websites' to kept dirs (diff) | |
| download | nixos-server-dd84945ae158eaa458fc8ce5558bb007ade012ce.tar.gz nixos-server-dd84945ae158eaa458fc8ce5558bb007ade012ce.zip | |
Fix(system/services/nix-sync): Add the cachePath rw
Diffstat (limited to 'system/services/nix-sync/default.nix')
| -rw-r--r-- | system/services/nix-sync/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/services/nix-sync/default.nix b/system/services/nix-sync/default.nix index ed2c6ac..ea6d3cd 100644 --- a/system/services/nix-sync/default.nix +++ b/system/services/nix-sync/default.nix @@ -81,7 +81,7 @@ # Security NoNewPrivileges = true; # Sandboxing (sorted by occurrence in https://www.freedesktop.org/software/systemd/man/systemd.exec.html) - ReadWritePaths = ["/etc/nginx/websites" "-${esa repoCachePath}"]; + ReadWritePaths = ["/etc/nginx/websites" "-${esa repoCachePath}" "-${esa cfg.cachePath}"]; ReadOnlyPaths = ["/nix"]; ProtectSystem = "strict"; ProtectHome = true; |