Kieran's opinionated (and probably slightly dumb) nix config

bug: fix cedarlogic again

dunkirk.sh 3804ed58 fa9af608

+10 -3
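--- a/modules/lib/mkService.nix
+++ b/modules/lib/mkService.nix
@@ -212,11 +212,18 @@
 group = name;
 extraGroups = [ "services" ];
 home = cfg.dataDir;
-createHome = true;
+createHome = false;
 shell = pkgs.bash;
 };
 
 users.groups.${name} = {};
+
+# Ensure data directories exist with correct permissions on every activation
+systemd.tmpfiles.rules = [
+"d ${cfg.dataDir} 0755 ${name} services -"
+"d ${cfg.dataDir}/app 0750 ${name} services -"
+"d ${cfg.dataDir}/data 0750 ${name} services -"
+];
 
 # Allow service user to manage their own service (for CI/CD deploys)
 security.sudo.extraRules = [
@@ -287,9 +294,9 @@
 ExecStartPre = [
 "!${pkgs.writeShellScript "${name}-setup" ''
 mkdir -p ${cfg.dataDir}/app ${cfg.dataDir}/data
-chown ${name}:${name} ${cfg.dataDir}
+chown ${name}:services ${cfg.dataDir}
 chown ${name}:services ${cfg.dataDir}/app ${cfg.dataDir}/data
-chmod 0750 ${cfg.dataDir}
+chmod 0755 ${cfg.dataDir}
 chmod g+rwX ${cfg.dataDir}/app ${cfg.dataDir}/data
 ''}"
 ];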
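Review bot: The new `chmod 0755 ${cfg.dataDir}` in the ExecStartPre script and the matching tmpfiles rule `"d ${cfg.dataDir} 0755 ${name} services -"` open the service's data directory to every local user for listing and traversal, where the previous 0750 limited it to the `services` group, and neither the commit nor the code says who needs that access; if only another service account must traverse it, adding that account to `services` and keeping 0750 (or using 0751, which permits traversal without listing) is the tighter fix, and whichever mode is kept deserves a comment such as `# 0755: <consumer> must traverse dataDir; app/ and data/ stay group-only`. The two hunks also now disagree on the subdirectories: the tmpfiles `d` rules set `app` and `data` to 0750 on every activation, while ExecStartPre then applies `chmod g+rwX`, so the effective mode flips between 0750 and 0770 depending on which ran last, and ownership of `${cfg.dataDir}` is likewise set in both places. With tmpfiles now owning creation and modes, the `chown`/`chmod` lines in the setup script look redundant and could be dropped, or the tmpfiles rules changed to 0770 if group write is the intent. The `users.users.${name}` attribute set and the systemd service definition both begin outside these hunks.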