From 78dcba25ec5dab7fcbce8b04f6383fe3032a49af Mon Sep 17 00:00:00 2001 From: padreug Date: Sun, 12 Oct 2025 07:35:28 +0200 Subject: [PATCH] FIX: directory permissions and symlink management Updated the lnbits.nix configuration to set appropriate permissions on the extensions directory and create a symlink for LNBits extensions, improving security and functionality. --- config/lnbits.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/config/lnbits.nix b/config/lnbits.nix index b0070d0..fb83bc3 100644 --- a/config/lnbits.nix +++ b/config/lnbits.nix @@ -4,9 +4,9 @@ let lnbitsFlake = builtins.getFlake "path:/var/src/lnbits-src"; in { - # Import the LNBits service module directly from the flake's nix/modules directory + # Import the LNBits service module from the flake (following official guide pattern) imports = [ - /var/src/lnbits-src/nix/modules/lnbits-service.nix + "${lnbitsFlake}/nix/modules/lnbits-service.nix" ]; # LNBits service configuration @@ -99,11 +99,17 @@ in # # Option 1: Replace extensions directory entirely (use with caution) systemd.tmpfiles.rules = [ - "L+ /var/lib/lnbits/extensions - - - - /var/src/lnbits-extensions" + # Set permissions on source directory so lnbits user can read it + "d /var/src/lnbits-extensions 0755 lnbits lnbits - -" + # Create symlink with proper ownership + "L+ /var/lib/lnbits/extensions - lnbits lnbits - /var/src/lnbits-extensions" ]; # # Option 2: Manually merge deployed extensions with existing ones # Copy deployed extensions into the extensions directory without replacing it: + # systemd.tmpfiles.rules = [ + # "d /var/src/lnbits-extensions 0755 lnbits lnbits - -" + # ]; # systemd.services.lnbits-copy-extensions = { # description = "Copy deployed LNBits extensions"; # before = [ "lnbits.service" ];