nixos: Add non-default storage path to ReadWritePaths

This prevents "read-only storage" errors when setting a non-default
local storage path. The non-default path must exist beforehand.

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>

nixos/atticd.nix

@@ -203,6 +203,10 @@ in
           RestrictNamespaces = true;
           RestrictRealtime = true;
           RestrictSUIDSGID = true;
+          ReadWritePaths = let
+            path = cfg.settings.storage.path;
+            isDefaultStateDirectory = path == "/var/lib/atticd" || lib.hasPrefix "/var/lib/atticd/" path;
+          in lib.optionals (cfg.settings.storage.type or "" == "local" && !isDefaultStateDirectory) [ path ];
         };
       };