From 2e2e3ff5cee613ced1ec6f10858ee62c55d57646 Mon Sep 17 00:00:00 2001 From: Richard Carter Date: Thu, 9 May 2024 08:45:57 -0400 Subject: [PATCH] set sabnzbd state files to user-only access permissions --- nixarr/nixarr.nix | 2 +- nixarr/sabnzbd/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nixarr/nixarr.nix b/nixarr/nixarr.nix index 41dad4a..060cb04 100644 --- a/nixarr/nixarr.nix +++ b/nixarr/nixarr.nix @@ -38,7 +38,7 @@ with lib; let find "${cfg.transmission.stateDir}" \( -type d -exec chmod 0750 {} + -true \) -o \( -exec chmod 0640 {} + \) '' + strings.optionalString cfg.sabnzbd.enable '' chown -R usenet:root "${cfg.sabnzbd.stateDir}" - find "${cfg.sabnzbd.stateDir}" \( -type d -exec chmod 0750 {} + -true \) -o \( -exec chmod 0640 {} + \) + find "${cfg.sabnzbd.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) '' + strings.optionalString cfg.transmission.privateTrackers.cross-seed.enable '' chown -R cross-seed:root "${cfg.transmission.privateTrackers.cross-seed.stateDir}" find "${cfg.transmission.privateTrackers.cross-seed.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) diff --git a/nixarr/sabnzbd/default.nix b/nixarr/sabnzbd/default.nix index d31c836..bfd70b5 100644 --- a/nixarr/sabnzbd/default.nix +++ b/nixarr/sabnzbd/default.nix @@ -163,7 +163,7 @@ in { config = mkIf cfg.enable { systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' 0750 usenet root - -" + "d '${cfg.stateDir}' 0700 usenet root - -" ]; services.sabnzbd = {