Replaced state dir with runtime dir, hopefully fixes issues

2025-09-05 21:18:14 +00:00 · 2025-08-03 20:20:49 +03:00
parent d427beaeba
commit 3c7f1a8c2c
1 changed files with 28 additions and 4 deletions
--- a/service.nix
+++ b/service.nix
@@ -55,6 +55,23 @@ in
      type = lib.types.path;
    };

+    user = lib.mkOption {
+      description = "Eko user";
+      default = "eko";
+      type = lib.types.str;
+    };
+
+    group = lib.mkOption {
+      description = "Eko group";
+      default = "eko";
+      type = lib.types.str;
+    };
+
+    permission = lib.mkOption {
+      description = "Permission to access dataDir";
+      default = "0750";
+      type = lib.types.str;
+    };
  };

  config = lib.mkIf cfg.enable {
@@ -71,6 +88,10 @@ in
      group = "eko";
    };

+    systemd.tmpfiles.rules = [
+      "d '${cfg.dataDir}' ${cfg.permission} ${cfg.user} ${cfg.group} - -"
+    ];
+
    # Systemd service for eko
    systemd.services.eko = {
      description = "Eko - a secure terminal-native social media platform";
@@ -98,14 +119,17 @@ in
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGHUP $MAINPID";

        ConfigurationDirectory = "eko";
-        StateDirectory = "eko";
-        StateDirectoryMode = "0700";
+        # StateDirectory = "eko";
+        # StateDirectoryMode = "0700";
+        # Runtime directory and mode
+        RuntimeDirectory = "eko";
+        RuntimeDirectoryMode = cfg.permission;
        LogsDirectory = "eko";
        WorkingDirectory = cfg.dataDir;
        Type = "simple";

-        User = "eko";
-        Group = "eko";
+        User = cfg.user;
+        Group = cfg.group;

        # Hardening
        ProtectHome = true;