about summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
authoroddlama <oddlama@oddlama.org>2023-09-23 16:37:23 +0200
committeroddlama <oddlama@oddlama.org>2023-09-23 16:37:23 +0200
commit11d4f6e4a86e0c1493c57eccd4c2713648baa44f (patch)
tree1a0a59ee09838bcfb6c56f1ce2a688cea12bb612 /nixos
parent9edb077ace8bf9c281a0dfc85351ed2d5c3d2a31 (diff)
downloadnixlib-11d4f6e4a86e0c1493c57eccd4c2713648baa44f.tar
nixlib-11d4f6e4a86e0c1493c57eccd4c2713648baa44f.tar.gz
nixlib-11d4f6e4a86e0c1493c57eccd4c2713648baa44f.tar.bz2
nixlib-11d4f6e4a86e0c1493c57eccd4c2713648baa44f.tar.lz
nixlib-11d4f6e4a86e0c1493c57eccd4c2713648baa44f.tar.xz
nixlib-11d4f6e4a86e0c1493c57eccd4c2713648baa44f.tar.zst
nixlib-11d4f6e4a86e0c1493c57eccd4c2713648baa44f.zip
nixos/typesense: disable MemoryDenyWriteExecute which is needed since 0.25.1
also adjust default state directory mode to allow typesense group
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/search/typesense.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/search/typesense.nix b/nixos/modules/services/search/typesense.nix
index 856c3cad22df..c158d04fea23 100644
--- a/nixos/modules/services/search/typesense.nix
+++ b/nixos/modules/services/search/typesense.nix
@@ -83,12 +83,12 @@ in {
         Group = "typesense";
 
         StateDirectory = "typesense";
-        StateDirectoryMode = "0700";
+        StateDirectoryMode = "0750";
 
         # Hardening
         CapabilityBoundingSet = "";
         LockPersonality = true;
-        MemoryDenyWriteExecute = true;
+        # MemoryDenyWriteExecute = true; needed since 0.25.1
         NoNewPrivileges = true;
         PrivateUsers = true;
         PrivateTmp = true;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-07 04:56:04 +0000