nixos/redis: allow access to runtime and state directories to only redis user

2021-03-24 13:33:34 +03:00 · 2021-03-24 13:33:34 +03:00 · 9d4aaf2366
parent 86d8b31e00
commit 9d4aaf2366
1 changed files with 9 additions and 2 deletions
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@ -283,11 +283,18 @@ in

      serviceConfig = {
        ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";
-        RuntimeDirectory = "redis";
-        StateDirectory = "redis";
        Type = "notify";
+        # User and group
        User = "redis";
        Group = "redis";
+        # Runtime directory and mode
+        RuntimeDirectory = "redis";
+        RuntimeDirectoryMode = "0750";
+        # State directory and mode
+        StateDirectory = "redis";
+        StateDirectoryMode = "0700";
+        # Access write directories
+        UMask = "0077";
      };
    };
  };