From 956dab36a3a8691b851186e9579c7c64dd4aaed5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 10 Feb 2021 11:03:38 +0100 Subject: [PATCH] nextcloud: use tmpfiles to create group-readable home users.users.*.createHome makes home only owner-readable. This breaks nginx reading static assets from nextcloud's home, after a nixos-rebuild that did not restart nextcloud-setup. Closes #112639 --- nixos/modules/services/web-apps/nextcloud.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 739ba1ea12f6..141ab98e29bf 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -599,6 +599,8 @@ in { timerConfig.Unit = "nextcloud-cron.service"; }; + systemd.tmpfiles.rules = ["d ${cfg.home} 0750 nextcloud nextcloud"]; + systemd.services = { # When upgrading the Nextcloud package, Nextcloud can report errors such as # "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly" @@ -720,8 +722,6 @@ in { before = [ "phpfpm-nextcloud.service" ]; path = [ occ ]; script = '' - chmod og+x ${cfg.home} - ${optionalString (c.dbpassFile != null) '' if [ ! -r "${c.dbpassFile}" ]; then echo "dbpassFile ${c.dbpassFile} is not readable by nextcloud:nextcloud! Aborting..." @@ -814,7 +814,6 @@ in { users.users.nextcloud = { home = "${cfg.home}"; group = "nextcloud"; - createHome = true; isSystemUser = true; }; users.groups.nextcloud.members = [ "nextcloud" config.services.nginx.user ];