authorMaximilian Bosch <maximilian@mbosch.me>2024-03-15 18:53:04 +0000
committerGitHub <noreply@github.com>2024-03-15 18:53:04 +0000
commit0d17fd9524aae7a96bc107b002c6c3781017e9c2 (patch)
treef77e00f92dcb362806336242a7148903d7127ba8 /nixos/modules/services/matrix
parent164cc796f72c1055a9153383b31ff90f466d2423 (diff)
parent10fc05bfc1bb3713f37b730987d0a4c539b166c7 (diff)
Merge pull request #292473 from networkException/fix-synapse-unix-socket-permissions
nixos/matrix-synapse: allow synapse to write to directories of unix socket paths
Diffstat (limited to 'nixos/modules/services/matrix')
-rw-r--r--nixos/modules/services/matrix/synapse.nix3
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix
index e3f9c7742cc7..7291c0fcbcdd 100644
--- a/nixos/modules/services/matrix/synapse.nix
+++ b/nixos/modules/services/matrix/synapse.nix
@@ -1232,7 +1232,8 @@ in {
             ProtectKernelTunables = true;
             ProtectProc = "invisible";
             ProtectSystem = "strict";
-            ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ];
+            ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ] ++
+              (map (listener: dirOf listener.path) (filter (listener: listener.path != null) cfg.settings.listeners));
             RemoveIPC = true;
             RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
             RestrictNamespaces = true;
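Review bot: The new `ReadWritePaths` entry on the `map (listener: dirOf listener.path) ...` line makes the whole parent directory of every UNIX-socket listener writable, so the width of the `ProtectSystem = "strict"` exception depends entirely on what the operator puts in `listener.path`. A socket placed directly in a shared location (for example a path whose parent is `/run` or `/tmp`) would open that entire directory to the service, which is far wider than the socket itself needs. Nothing visible in this hunk constrains the path, so unless it is validated elsewhere in the module, I would add an assertion that rejects a shared parent directory, or at least a comment such as `# dirOf makes the socket's whole parent directory writable; keep listener sockets in a dedicated directory owned by synapse`. It is also worth confirming that the parent directory exists before the unit starts, since systemd fails namespace setup on a missing `ReadWritePaths` entry that has no `-` prefix. The enclosing `serviceConfig` attribute set starts and ends outside the hunk.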