ewancroft.uk / nix
My nix-darwin and NixOS config
3
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix(sharkey): create media dir via tmpfiles, drop ReadWritePaths

The nixpkgs sharkey module bind-mounts mediaDirectory into the service
namespace; if the path doesn't exist the unit fails with NAMESPACE (226).
Create it via systemd.tmpfiles.rules (owned sharkey:sharkey) instead of
relying on ReadWritePaths, which conflicted with the module's sandboxing.

Also strip the now-redundant nixos-rebuild prompt from the migration script.

Ewan Croft 08bda32e c1bf8a63

+8 -7
+8 -3
modules/server/sharkey.nix
··· 86 86 }; 87 87 }; 88 88 89 - # ── Keep media on /srv (same physical disk as all other service data) ────── 89 + # ── Media directory on /srv ─────────────────────────────────────────────── 90 + # Must exist before Sharkey starts — nixpkgs bind-mounts mediaDirectory into 91 + # the service namespace and fails with NAMESPACE (226) if the path is absent. 92 + systemd.tmpfiles.rules = [ 93 + "d ${sk.mediaDir} 0750 sharkey sharkey -" 94 + ]; 95 + 96 + # ── Systemd service tweaks ──────────────────────────────────────────────── 90 97 systemd.services.sharkey = { 91 98 after = [ "srv.mount" ]; 92 99 wants = [ "srv.mount" ]; 93 100 serviceConfig = { 94 - ReadWritePaths = [ sk.mediaDir ]; 95 101 Restart = lib.mkForce "always"; 96 102 RestartSec = cfg.server.servicePolicy.restartSec; 97 103 }; 98 - 99 104 }; 100 105 101 106 # ── Caddy vhost — same pattern as every other CF-tunnel service ───────────
-4
scripts/migrate-gts-to-sharkey.sh
··· 146 146 info "GoToSocial is not running — nothing to stop." 147 147 fi 148 148 149 - warn "Now run: nixos-rebuild switch --flake .#server" 150 - warn "(myConfig.services.sharkey.enable = true in your host config)" 151 - read -r -p "$(echo -e "${YELLOW}Press Enter once nixos-rebuild switch completes...${NC}")" 152 - 153 149 systemctl is-active --quiet sharkey || error "Sharkey is not running. Check: journalctl -u sharkey -n 50" 154 150 systemctl is-active --quiet postgresql || error "PostgreSQL is not running." 155 151 info "Sharkey + PostgreSQL are up."