From b326b685de3a50eea65d743ff86c819d4522a4a2 Mon Sep 17 00:00:00 2001 From: Daniel Barlow Date: Mon, 28 Aug 2023 20:53:45 +0100 Subject: [PATCH] add o+x permission on service-state directories this is needed for resolvconf, which writes resolv.conf as an output and wants to make it world-readable --- examples/rotuer.nix | 1 + modules/ntp/service.nix | 2 +- modules/s6/scripts/rc.init | 2 +- pkgs/service-fns/default.nix | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/examples/rotuer.nix b/examples/rotuer.nix index c7c443f..bfe1c41 100644 --- a/examples/rotuer.nix +++ b/examples/rotuer.nix @@ -128,6 +128,7 @@ in rec { ( in_outputs ${name} echo "nameserver $(output ${services.wan} ns1)" > resolv.conf echo "nameserver $(output ${services.wan} ns2)" >> resolv.conf + chmod 0444 resolv.conf ) ''; down = '' diff --git a/modules/ntp/service.nix b/modules/ntp/service.nix index 49f00b5..6f83a21 100644 --- a/modules/ntp/service.nix +++ b/modules/ntp/service.nix @@ -22,7 +22,7 @@ let ++ (mapAttrsToList (name: opts: "peer ${name} ${concatStringsSep "" opts}") p.peers) - ++ [ "user ${p.user}" ] + ++ lib.optional (p.user != null) "user ${p.user}" ++ (lib.optional (p.makestep != null) "makestep ${toString p.makestep.threshold} ${toString p.makestep.limit}") ++ (map (n: "allow ${n}") p.allow) ++ (lib.optional (p.bindaddress != null) "bindaddress ${p.bindaddress}") diff --git a/modules/s6/scripts/rc.init b/modules/s6/scripts/rc.init index 9c0747d..d689282 100755 --- a/modules/s6/scripts/rc.init +++ b/modules/s6/scripts/rc.init @@ -21,7 +21,7 @@ mount -t sysfs none /sys mkdir /dev/pts mount -t devpts none /dev/pts -mkdir -m 0750 /run/service-state +mkdir -m 0751 /run/service-state chgrp system /run/service-state ### If your services are managed by s6-rc: diff --git a/pkgs/service-fns/default.nix b/pkgs/service-fns/default.nix index 15c5300..c16c44c 100644 --- a/pkgs/service-fns/default.nix +++ b/pkgs/service-fns/default.nix 
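Review bot: When `p.user` is null the generated config now has no `user` line at all, and nothing on this line says which account the daemon runs as in that case. The directives look like chrony's, where a missing `user` falls back to the build-time default account, which can be root; if that holds for this package, null silently turns off the privilege drop. I would add a comment here such as `# null: emit no user directive; the daemon keeps its compiled-in default user (confirm it is not root)` and say the same in the option's description, which is outside this hunk. The commit message covers only directory permissions, so this change deserves its own line there.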
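Review bot: `mkdir -m 0751 /run/service-state` gives every local account search permission on the state root, and the matching `2751` in mkoutputs (pkgs/service-fns/default.nix) does the same for every service directory, although the message names only resolvconf as needing it. Listing is still blocked, but service and output names are predictable, so any output file created under an ordinary umask becomes readable by any user; the umask in effect is not visible in this patch. If any service keeps a credential or key as an output, it should write that file with an explicit restrictive mode, or the default should stay `0750`/`2750` with only resolvconf's directory opened up. At minimum add a comment on this line, e.g. `# o+x: others may traverse but not list; each output file must set its own mode`.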
@@ -4,7 +4,7 @@ writeText "service-fns.sh" ''
 output_path() { echo $(realpath $1/.outputs)/$2; }
 mkoutputs() {
 d=/run/service-state/$1
- mkdir -m 2750 -p $d && chown root:system $d
+ mkdir -m 2751 -p $d && chown root:system $d
 echo $d
 }
 in_outputs() {
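Review bot: With `-p`, `mkdir -m 2751` applies the mode only when it actually creates `$d`; a directory that already exists keeps whatever mode it had, so the intended permission is not enforced when a service is restarted within the same boot. Setting the mode explicitly makes the result independent of prior state: `mkdir -p "$d" && chown root:system "$d" && chmod 2751 "$d"`. Quoting `$d` also stops a service name containing whitespace or glob characters from expanding into other paths. mkoutputs closes inside the hunk, but the enclosing Nix string continues past it.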