Use systemd RuntimeDirectory and StateDirectory entries to ensure runtime directory...

[perso/Immae/Config/Nix.git] / nixops / modules / task / default.nix

diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index 8454c4b8008d8b4e0509c1a6b9c51040f2b6567c..83706084a741fae4cff3ff8f0bd40afda2092200 100644 (file)
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -245,12 +245,6 @@ in {
     system.activationScripts.taskwarrior-web = {
       deps = [ "users" ];
       text = ''
-        install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
-        install -m 0750 -o ${user} -g ${group} -d ${varDir}
-        ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
-          (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
-          env.taskwarrior-web
-        )}
         if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
           ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
           chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
@@ -315,6 +309,12 @@ in {
           TimeoutSec = 60;
           Type = "simple";
           WorkingDirectory = taskwarrior-web;
+          StateDirectoryMode = 0750;
+          StateDirectory = assert lib.strings.hasPrefix "/var/lib/" varDir;
+            (lib.strings.removePrefix "/var/lib/" varDir + "/${name}");
+          RuntimeDirectoryPreserve = "yes";
+          RuntimeDirectory = assert lib.strings.hasPrefix "/run/" socketsDir;
+            lib.strings.removePrefix "/run/" socketsDir;
         };
 
         unitConfig.RequiresMountsFor = varDir;