fix: close port 8096 and explicitly specify persistent directory permissions

2024-12-20 23:54:19 +00:00 · 2024-12-20 23:54:19 +00:00 · 5f37f63af2
commit 5f37f63af2
parent f9839cf485
1 changed files with 8 additions and 2 deletions
--- a/modules/sv1.nix
+++ b/modules/sv1.nix
@ -155,7 +155,6 @@
    firewall.allowedTCPPorts = [
      80
      443
-      8096
    ];
  };

@ -262,16 +261,23 @@
    persistence."/persist" = {
      hideMounts = true;
      directories = [
-        "/var/lib/nixos"
+        {
+          directory = "/var/lib/nixos";
+          user = "root";
+          group = "root";
+          mode = "u=rwx,g=rx,o=rx";
+        }
        {
          directory = "/var/lib/gitea";
          user = "gitea";
          group = "gitea";
+          mode = "u=rwx,g=rx,o=";
        }
        {
          directory = "/var/lib/jellyfin";
          user = "jellyfin";
          group = "jellyfin";
+          mode = "u=rwx,g=rx,o=";
        }
      ];
    };