FIX: directory permissions and symlink management

Updated the lnbits.nix configuration to set appropriate permissions on the extensions directory and create a symlink for LNBits extensions, improving security and functionality.

config/lnbits.nix

@@ -4,9 +4,9 @@ let
   lnbitsFlake = builtins.getFlake "path:/var/src/lnbits-src";
 in
 {
-  # Import the LNBits service module directly from the flake's nix/modules directory
+  # Import the LNBits service module from the flake (following official guide pattern)
   imports = [
-    /var/src/lnbits-src/nix/modules/lnbits-service.nix
+    "${lnbitsFlake}/nix/modules/lnbits-service.nix"
   ];
 
   # LNBits service configuration
@@ -99,11 +99,17 @@ in
   #
   # Option 1: Replace extensions directory entirely (use with caution)
   systemd.tmpfiles.rules = [
-    "L+ /var/lib/lnbits/extensions - - - - /var/src/lnbits-extensions"
+    # Set permissions on source directory so lnbits user can read it
+    "d /var/src/lnbits-extensions 0755 lnbits lnbits - -"
+    # Create symlink with proper ownership
+    "L+ /var/lib/lnbits/extensions - lnbits lnbits - /var/src/lnbits-extensions"
   ];
   #
   # Option 2: Manually merge deployed extensions with existing ones
   # Copy deployed extensions into the extensions directory without replacing it:
+  # systemd.tmpfiles.rules = [
+  #   "d /var/src/lnbits-extensions 0755 lnbits lnbits - -"
+  # ];
   # systemd.services.lnbits-copy-extensions = {
   #   description = "Copy deployed LNBits extensions";
   #   before = [ "lnbits.service" ];