pyrox.dev / nixpkgs
lol
fork atom

treewide: convert fake octal ints to strings

These were being cast to strings later and then reinterpreted as
octal.

Yorick van Pelt af4a43e3 4fce8949

options
unified split
Changed files
+16 -16
nixos
modules
security
acme
default.nix
services
logging
journalwatch.nix
matrix
appservice-discord.nix
mautrix-telegram.nix
misc
geoipupdate.nix
mx-puppet-discord.nix
rmfakecloud.nix
monitoring
parsedmarc.nix
web-apps
bookstack.nix
discourse.nix
keycloak.nix
snipe-it.nix
+4 -4
nixos/modules/security/acme/default.nix 
···

       
26

       
26

       
 

       
    Type = "oneshot";


     

       
27

       
27

       
 

       
    User = user;


     

       
28

       
28

       
 

       
    Group = mkDefault "acme";


     

       
29

       

       
-

       
    UMask = 0022;


     

       
30

       

       
-

       
    StateDirectoryMode = 750;


     

       

       
29

       
+

       
    UMask = "0022";


     

       

       
30

       
+

       
    StateDirectoryMode = "750";


     

       
31

       
31

       
 

       
    ProtectSystem = "strict";


     

       
32

       
32

       
 

       
    ReadWritePaths = [


     

       
33

       
33

       
 

       
      "/var/lib/acme"


     
···

       
85

       
85

       
 

       
    serviceConfig = commonServiceConfig // {


     

       
86

       
86

       
 

       
      StateDirectory = "acme/.minica";


     

       
87

       
87

       
 

       
      BindPaths = "/var/lib/acme/.minica:/tmp/ca";


     

       
88

       

       
-

       
      UMask = 0077;


     

       

       
88

       
+

       
      UMask = "0077";


     

       
89

       
89

       
 

       
    };


     

       
90

       
90

       
 

       



     

       
91

       
91

       
 

       
    # Working directory will be /tmp


     
···

       
243

       
243

       
 

       



     

       
244

       
244

       
 

       
      serviceConfig = commonServiceConfig // {


     

       
245

       
245

       
 

       
        Group = data.group;


     

       
246

       

       
-

       
        UMask = 0027;


     

       

       
246

       
+

       
        UMask = "0027";


     

       
247

       
247

       
 

       



     

       
248

       
248

       
 

       
        StateDirectory = "acme/${cert}";


     

       
249

       
249
+1 -1
nixos/modules/services/logging/journalwatch.nix 
···

       
239

       
239

       
 

       
        Type = "oneshot";


     

       
240

       
240

       
 

       
        # requires a relative directory name to create beneath /var/lib


     

       
241

       
241

       
 

       
        StateDirectory = user;


     

       
242

       

       
-

       
        StateDirectoryMode = 0750;


     

       

       
242

       
+

       
        StateDirectoryMode = "0750";


     

       
243

       
243

       
 

       
        ExecStart = "${pkgs.python3Packages.journalwatch}/bin/journalwatch mail";


     

       
244

       
244

       
 

       
        # lowest CPU and IO priority, but both still in best-effort class to prevent starvation


     

       
245

       
245

       
 

       
        Nice=19;
+1 -1
nixos/modules/services/matrix/appservice-discord.nix 
···

       
137

       
137

       
 

       
        PrivateTmp = true;


     

       
138

       
138

       
 

       
        WorkingDirectory = appDir;


     

       
139

       
139

       
 

       
        StateDirectory = baseNameOf dataDir;


     

       
140

       

       
-

       
        UMask = 0027;


     

       

       
140

       
+

       
        UMask = "0027";


     

       
141

       
141

       
 

       
        EnvironmentFile = cfg.environmentFile;


     

       
142

       
142

       
 

       



     

       
143

       
143

       
 

       
        ExecStart = ''
+1 -1
nixos/modules/services/matrix/mautrix-telegram.nix 
···

       
162

       
162

       
 

       
        PrivateTmp = true;


     

       
163

       
163

       
 

       
        WorkingDirectory = pkgs.mautrix-telegram; # necessary for the database migration scripts to be found


     

       
164

       
164

       
 

       
        StateDirectory = baseNameOf dataDir;


     

       
165

       

       
-

       
        UMask = 0027;


     

       

       
165

       
+

       
        UMask = "0027";


     

       
166

       
166

       
 

       
        EnvironmentFile = cfg.environmentFile;


     

       
167

       
167

       
 

       



     

       
168

       
168

       
 

       
        ExecStart = ''
+1 -1
nixos/modules/services/misc/geoipupdate.nix 
···

       
183

       
183

       
 

       
        DynamicUser = true;


     

       
184

       
184

       
 

       
        ReadWritePaths = cfg.settings.DatabaseDirectory;


     

       
185

       
185

       
 

       
        RuntimeDirectory = "geoipupdate";


     

       
186

       

       
-

       
        RuntimeDirectoryMode = 0700;


     

       

       
186

       
+

       
        RuntimeDirectoryMode = "0700";


     

       
187

       
187

       
 

       
        CapabilityBoundingSet = "";


     

       
188

       
188

       
 

       
        PrivateDevices = true;


     

       
189

       
189

       
 

       
        PrivateMounts = true;
+1 -1
nixos/modules/services/misc/mx-puppet-discord.nix 
···

       
107

       
107

       
 

       
        PrivateTmp = true;


     

       
108

       
108

       
 

       
        WorkingDirectory = pkgs.mx-puppet-discord;


     

       
109

       
109

       
 

       
        StateDirectory = baseNameOf dataDir;


     

       
110

       

       
-

       
        UMask = 0027;


     

       

       
110

       
+

       
        UMask = "0027";


     

       
111

       
111

       
 

       



     

       
112

       
112

       
 

       
        ExecStart = ''


     

       
113

       
113

       
 

       
          ${pkgs.mx-puppet-discord}/bin/mx-puppet-discord \
+1 -1
nixos/modules/services/misc/rmfakecloud.nix 
···

       
138

       
138

       
 

       
        SystemCallArchitectures = "native";


     

       
139

       
139

       
 

       
        WorkingDirectory = serviceDataDir;


     

       
140

       
140

       
 

       
        StateDirectory = baseNameOf serviceDataDir;


     

       
141

       

       
-

       
        UMask = 0027;


     

       

       
141

       
+

       
        UMask = "0027";


     

       
142

       
142

       
 

       
      };


     

       
143

       
143

       
 

       
    };


     

       
144

       
144

       
 

       
  };
+1 -1
nixos/modules/services/monitoring/parsedmarc.nix 
···

       
494

       
494

       
 

       
            Group = "parsedmarc";


     

       
495

       
495

       
 

       
            DynamicUser = true;


     

       
496

       
496

       
 

       
            RuntimeDirectory = "parsedmarc";


     

       
497

       

       
-

       
            RuntimeDirectoryMode = 0700;


     

       

       
497

       
+

       
            RuntimeDirectoryMode = "0700";


     

       
498

       
498

       
 

       
            CapabilityBoundingSet = "";


     

       
499

       
499

       
 

       
            PrivateDevices = true;


     

       
500

       
500

       
 

       
            PrivateMounts = true;
+1 -1
nixos/modules/services/web-apps/bookstack.nix 
···

       
372

       
372

       
 

       
        User = user;


     

       
373

       
373

       
 

       
        WorkingDirectory = "${bookstack}";


     

       
374

       
374

       
 

       
        RuntimeDirectory = "bookstack/cache";


     

       
375

       

       
-

       
        RuntimeDirectoryMode = 0700;


     

       

       
375

       
+

       
        RuntimeDirectoryMode = "0700";


     

       
376

       
376

       
 

       
      };


     

       
377

       
377

       
 

       
      path = [ pkgs.replace-secret ];


     

       
378

       
378

       
 

       
      script =
+2 -2
nixos/modules/services/web-apps/discourse.nix 
···

       
798

       
798

       
 

       
          "public"


     

       
799

       
799

       
 

       
          "sockets"


     

       
800

       
800

       
 

       
        ];


     

       
801

       

       
-

       
        RuntimeDirectoryMode = 0750;


     

       

       
801

       
+

       
        RuntimeDirectoryMode = "0750";


     

       
802

       
802

       
 

       
        StateDirectory = map (p: "discourse/" + p) [


     

       
803

       
803

       
 

       
          "uploads"


     

       
804

       
804

       
 

       
          "backups"


     

       
805

       
805

       
 

       
          "tmp"


     

       
806

       
806

       
 

       
        ];


     

       
807

       

       
-

       
        StateDirectoryMode = 0750;


     

       

       
807

       
+

       
        StateDirectoryMode = "0750";


     

       
808

       
808

       
 

       
        LogsDirectory = "discourse";


     

       
809

       
809

       
 

       
        TimeoutSec = "infinity";


     

       
810

       
810

       
 

       
        Restart = "on-failure";
+1 -1
nixos/modules/services/web-apps/keycloak.nix 
···

       
616

       
616

       
 

       
              Group = "keycloak";


     

       
617

       
617

       
 

       
              DynamicUser = true;


     

       
618

       
618

       
 

       
              RuntimeDirectory = "keycloak";


     

       
619

       

       
-

       
              RuntimeDirectoryMode = 0700;


     

       

       
619

       
+

       
              RuntimeDirectoryMode = "0700";


     

       
620

       
620

       
 

       
              AmbientCapabilities = "CAP_NET_BIND_SERVICE";


     

       
621

       
621

       
 

       
            };


     

       
622

       
622

       
 

       
            script = ''
+1 -1
nixos/modules/services/web-apps/snipe-it.nix 
···

       
394

       
394

       
 

       
        User = user;


     

       
395

       
395

       
 

       
        WorkingDirectory = snipe-it;


     

       
396

       
396

       
 

       
        RuntimeDirectory = "snipe-it/cache";


     

       
397

       

       
-

       
        RuntimeDirectoryMode = 0700;


     

       

       
397

       
+

       
        RuntimeDirectoryMode = "0700";


     

       
398

       
398

       
 

       
      };


     

       
399

       
399

       
 

       
      path = [ pkgs.replace-secret ];


     

       
400

       
400

       
 

       
      script =