[Backport release-24.05] nixos/acme: Set /var/lib/acme permissions to 755 #359585

Merged
merged 1 commit into from
Nov 27, 2024


github-actions[bot]
Contributor

@github-actions github-actions bot commented Nov 27, 2024

Bot-based backport to release-24.05, triggered by a label in #353659.

  • Before merging, ensure that this backport is acceptable for the release.
    • Even as a non-committer, if you find that it is not acceptable, leave a comment.

It was being created with the default home permissions of 700, and then
set to 755 at runtime by something, either some script or systemd, as
part of service startup.

It worked fine without sysusers, but when it's enabled with:

    systemd.sysusers.enable = true;

systemd-tmpfiles is resetting permissions on each activation, which
breaks, for example, nginx reload, because it cannot load certificates
anymore, because it doesn't have any access to `/var/lib/acme`.

Fix this by setting `homeMode = "755";` explicitly so that it's set to
the final value from the beginning.

(cherry picked from commit 64a6e82)
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Nov 27, 2024
@fpletz fpletz merged commit ad915d0 into release-24.05 Nov 27, 2024
4 checks passed
@fpletz fpletz deleted the backport-353659-to-release-24.05 branch November 27, 2024 14:18
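
An added example (not part of the pull request or the NixOS module): a small Python model of the POSIX path-permission check, showing why mode 700 on `/var/lib/acme` blocks a service such as nginx, while 755 on that directory alone does not open the certificate files to unrelated users. The UIDs and GIDs, the `example.org` certificate directory and its 750/640 modes are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o750

# Constructed IDs for illustration; real values differ per system.
ACME_UID, ACME_GID = 995, 995
NGINX_UID, NGINX_GID = 60, 60

def class_bits(node, uid, gids):
    """POSIX applies exactly one class: owner, else group, else other."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7

def first_blocker(chain, uid, gids):
    """Return the first path that denies access, or None if the file is readable.

    Every directory needs search (x); the final file needs read (r).
    Root/capability overrides and ACLs are deliberately not modelled.
    """
    for node in chain[:-1]:
        if not class_bits(node, uid, gids) & 0o1:
            return node.path
    leaf = chain[-1]
    return None if class_bits(leaf, uid, gids) & 0o4 else leaf.path

def acme_chain(home_mode):
    """Assumed layout: per-certificate directory shared with the nginx group."""
    cert_dir = "/var/lib/acme/example.org"
    return [
        Node("/var", 0, 0, 0o755),
        Node("/var/lib", 0, 0, 0o755),
        Node("/var/lib/acme", ACME_UID, ACME_GID, home_mode),
        Node(cert_dir, ACME_UID, NGINX_GID, 0o750),
        Node(cert_dir + "/fullchain.pem", ACME_UID, NGINX_GID, 0o640),
    ]

if __name__ == "__main__":
    for mode in (0o700, 0o755):
        print(oct(mode), "nginx:", first_blocker(acme_chain(mode), NGINX_UID, {NGINX_GID}),
              "| other user:", first_blocker(acme_chain(mode), 1000, {100}))
```

On a live host, `namei -l` on the certificate path lists the same per-component owners and modes for comparison.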