improved my understanding of what paths copyparty needs to function.

This commit is contained in:
Gabe Venberg 2025-04-22 23:33:08 +02:00
parent d94f3a5e66
commit 30dc417188


@ -54,8 +54,9 @@ with lib; let
cfg = config.services.copyparty; cfg = config.services.copyparty;
configFile = pkgs.writeText "copyparty.conf" configStr; configFile = pkgs.writeText "copyparty.conf" configStr;
runtimeConfigPath = "/run/copyparty/copyparty.conf"; runtimeConfigPath = "/run/copyparty/copyparty.conf";
externalCacheDir = "/var/cache/copyparty";
externalStateDir = "/var/lib/copyparty"; externalStateDir = "/var/lib/copyparty";
defaultShareDir = "${externalStateDir}/data"; defaultShareDir = "${externalCacheDir}/data";
in { in {
options.services.copyparty = { options.services.copyparty = {
enable = mkEnableOption "web-based file manager"; enable = mkEnableOption "web-based file manager";
@ -243,7 +244,7 @@ in {
environment = { environment = {
PYTHONUNBUFFERED = "true"; PYTHONUNBUFFERED = "true";
XDG_CONFIG_HOME = lib.mkIf cfg.seperateHist externalStateDir; XDG_CONFIG_HOME = externalStateDir;
}; };
preStart = let preStart = let
@ -261,7 +262,7 @@ in {
Type = "simple"; Type = "simple";
ExecStart = '' ExecStart = ''
${getExe cfg.package} -c ${runtimeConfigPath} \ ${getExe cfg.package} -c ${runtimeConfigPath} \
${optionalString (cfg.seperateHist) "--hist ${externalStateDir}"} ${optionalString (cfg.seperateHist) "--hist ${externalCacheDir}"}
''; '';
# Hardening options # Hardening options
@ -269,9 +270,11 @@ in {
Group = cfg.group; Group = cfg.group;
RuntimeDirectory = ["copyparty"]; RuntimeDirectory = ["copyparty"];
RuntimeDirectoryMode = "0700"; RuntimeDirectoryMode = "0700";
StateDirectory = lib.mkIf cfg.seperateHist ["copyparty"]; StateDirectory = ["copyparty"];
StateDirectoryMode = lib.mkIf cfg.seperateHist "0700"; StateDirectoryMode = "0700";
WorkingDirectory = lib.mkIf cfg.seperateHist externalStateDir; CacheDirectory = lib.mkIf cfg.seperateHist ["copyparty"];
CacheDirectoryMode = lib.mkIf cfg.seperateHist "0700";
WorkingDirectory = externalStateDir;
BindReadOnlyPaths = BindReadOnlyPaths =
[ [
"/nix/store" "/nix/store"
@ -284,9 +287,10 @@ in {
BindPaths = BindPaths =
( (
if cfg.seperateHist if cfg.seperateHist
then [externalStateDir] then [externalCacheDir]
else [] else []
) )
++ [externalStateDir]
++ (mapAttrsToList (k: v: v.path) cfg.volumes); ++ (mapAttrsToList (k: v: v.path) cfg.volumes);
ProtectSystem = "strict"; ProtectSystem = "strict";
ProtectHome = "tmpfs"; ProtectHome = "tmpfs";
@ -317,7 +321,7 @@ in {
users.users.copyparty = lib.mkIf (cfg.user == "copyparty" && cfg.group == "copyparty") { users.users.copyparty = lib.mkIf (cfg.user == "copyparty" && cfg.group == "copyparty") {
description = "Service user for copyparty"; description = "Service user for copyparty";
group = "copyparty"; group = "copyparty";
home = lib.mkIf cfg.seperateHist externalStateDir; home = lib.mkIf externalStateDir;
isSystemUser = true; isSystemUser = true;
}; };
}; };
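Review bot: The new `home = lib.mkIf externalStateDir;` in the last hunk (users.users.copyparty) applies mkIf to a single argument, so the option receives a partially applied function rather than a path and module evaluation should reject it; with the state directory now unconditional, the intended line is `home = externalStateDir;`. Separately, the first hunk points `defaultShareDir` at `${externalCacheDir}/data` unconditionally, while CacheDirectory and the cache entry in BindPaths (hunks at -269 and -284) remain gated on cfg.seperateHist, so if defaultShareDir is used as a writable volume when seperateHist is false, /var/cache/copyparty would be neither created nor bind-mounted under ProtectSystem = "strict" — worth confirming against the part of the module that consumes defaultShareDir, which lies outside these hunks. If that share holds uploaded data rather than regenerable files, keeping it under the state directory is also the safer choice, since /var/cache is conventionally treated as disposable.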