titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(tmpfiles): defer per-service file permissions to reduce boot time

Browse Source
This commit is contained in:
Simon Gardling
2026-02-12 18:48:29 -05:00
parent 84cbe82cb0
commit 82add97a80
19 changed files with 139 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
services/bitwarden.nix
View File

@@ -15,6 +15,10 @@
service_configs.vaultwarden.path
config.services.vaultwarden.backupDir
])
(lib.serviceFilePerms "vaultwarden" [
"Z ${service_configs.vaultwarden.path} 0700 vaultwarden vaultwarden"
"Z ${config.services.vaultwarden.backupDir} 0700 vaultwarden vaultwarden"
])
];
services.vaultwarden = {
@@ -39,11 +43,6 @@
}
'';
systemd.tmpfiles.rules = [
"Z ${service_configs.vaultwarden.path} 0700 vaultwarden vaultwarden"
"Z ${config.services.vaultwarden.backupDir} 0700 vaultwarden vaultwarden"
];
# Protect Vaultwarden login from brute force attacks
services.fail2ban.jails.vaultwarden = {
enabled = true;