nixos/garage: add user-given path to ReadWritePaths (NixOS#373114)

artemist · web-flow · commit 4a75ef3d7157 · 2025-01-20T21:54:54.000Z
diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix
@@ -11,18 +11,14 @@ let
   cfg = config.services.garage;
   toml = pkgs.formats.toml { };
   configFile = toml.generate "garage.toml" cfg.settings;
-
-  anyHasPrefix =
-    prefix: strOrList:
-    if isString strOrList then
-      hasPrefix prefix strOrList
-    else
-      any ({ path, ... }: hasPrefix prefix path) strOrList;
 in
 {
   meta = {
     doc = ./garage.md;
-    maintainers = [ maintainers.mjm ];
+    maintainers = with lib.maintainers; [
+      mjm
+      cything
+    ];
   };
 
   options.services.garage = {
@@ -44,13 +40,13 @@ in
     };
 
     logLevel = mkOption {
-      type = types.enum ([
+      type = types.enum [
         "error"
         "warn"
         "info"
         "debug"
         "trace"
-      ]);
+      ];
       default = "info";
       example = "debug";
       description = "Garage log level, see <https://garagehq.deuxfleurs.fr/documentation/quick-start/#launching-the-garage-server> for examples.";
@@ -125,18 +121,32 @@ in
       restartTriggers = [
         configFile
       ] ++ (lib.optional (cfg.environmentFile != null) cfg.environmentFile);
-      serviceConfig = {
-        ExecStart = "${cfg.package}/bin/garage server";
-
-        StateDirectory = mkIf (
-          anyHasPrefix "/var/lib/garage" cfg.settings.data_dir
-          || hasPrefix "/var/lib/garage" cfg.settings.metadata_dir
-        ) "garage";
-        DynamicUser = lib.mkDefault true;
-        ProtectHome = true;
-        NoNewPrivileges = true;
-        EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
-      };
+      serviceConfig =
+        let
+          paths = lib.flatten (
+            with cfg.settings;
+            [
+              metadata_dir
+            ]
+            # data_dir can either be a string or a list of attrs
+            # if data_dir is a list, the actual path will in in the `path` attribute of each item
+            # see https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#data_dir
+            ++ lib.optional (lib.isList data_dir) (map (item: item.path) data_dir)
+            ++ lib.optional (lib.isString data_dir) [ data_dir ]
+          );
+          isDefault = lib.hasPrefix "/var/lib/garage";
+          isDefaultStateDirectory = lib.any isDefault paths;
+        in
+        {
+          ExecStart = "${cfg.package}/bin/garage server";
+
+          StateDirectory = lib.mkIf isDefaultStateDirectory "garage";
+          DynamicUser = lib.mkDefault true;
+          ProtectHome = true;
+          NoNewPrivileges = true;
+          EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
+          ReadWritePaths = lib.filter (x: !(isDefault x)) (lib.flatten [ paths ]);
+        };
       environment = {
         RUST_LOG = lib.mkDefault "garage=${cfg.logLevel}";
       } // cfg.extraEnvironment;
