From c98be70263964b993c571a9f7014d0ad8cba835d Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Mon, 22 May 2023 18:50:48 +0200
Subject: [PATCH] nixos: Add non-default storage path to ReadWritePaths
This prevents "read-only storage" errors when setting a non-default local storage path. The non-default path must exist beforehand.
Co-authored-by: Zhaofeng Li
---
 nixos/atticd.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nixos/atticd.nix b/nixos/atticd.nix
index efbc6bb..4ae72e2 100644
--- a/nixos/atticd.nix
+++ b/nixos/atticd.nix
@@ -203,6 +203,10 @@ in
 RestrictNamespaces = true;
 RestrictRealtime = true;
 RestrictSUIDSGID = true;
+ ReadWritePaths = let
+ path = cfg.settings.storage.path;
+ isDefaultStateDirectory = path == "/var/lib/atticd" || lib.hasPrefix "/var/lib/atticd/" path;
+ in lib.optionals (cfg.settings.storage.type or "" == "local" && !isDefaultStateDirectory) [ path ];
 };
 };
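Review bot: `ReadWritePaths` takes `cfg.settings.storage.path` verbatim, so any value the operator sets becomes writable inside this otherwise restricted unit, and nothing in the added lines checks that it is an absolute path or that it is narrower than a system directory such as `/` or `/etc`. The state-directory test is also a plain string comparison, so a non-normalized value such as `/var/lib/atticd/../x` (constructed example) is classified as inside the state directory and left out of the list. I would add a comment above the binding, `# Widens the sandbox: storage.path becomes writable by the service; it must be absolute, normalized and already exist`, and consider a module assertion on `lib.hasPrefix "/" path` for the local storage type. The enclosing attribute set begins outside the hunk, so which filesystem protections it sets is inferred from the commit message rather than visible here.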