services/unbound: create stateDir

2022-02-24 13:16:07 +07:00 · 2022-02-24 13:16:07 +07:00 · 6504f559c5
commit 6504f559c5
parent 40f3f9b11f
1 changed files with 9 additions and 2 deletions
--- a/modules/services/unbound.nix
+++ b/modules/services/unbound.nix
@ -1,11 +1,18 @@
-{ inputs, ... }: {
+{ inputs, ... }:
+let
+  dir = "/persist/unbound";
+  uid = toString config.ids.uids.unbound;
+  gid = toString config.ids.gids.unbound;
+in {
  networking.firewall.interfaces.wlan0 = {
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };
+  systemd.tmpfiles.rules = [ "d ${dir} 700 ${uid} ${gid}" ];
+
  services.unbound = {
    enable = true;
-    stateDir = "/persist/unbound";
+    stateDir = dir;
    settings = {
      forward-zone = [{
        name = ".";