nixos/kubernetes: set k8 home permissions correctly

author: Joris Bolsens <joris@jojolabs.com> 2024-02-14 14:42:02 -0800
committer: Joris Bolsens <joris@jojolabs.com> 2024-02-15 23:11:59 -0800
commit: 81391bd22fe9c33c556563bab062da95ecdc15c0 (patch)
tree: 46f8c47f5b90bab1928e1e447d8f58a6a1360fbf /nixos/modules/services/cluster
parent: 6a11b7a77777eeea5f6f7ce062cba5d458a92875 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index 3fb916c76971..a920b6cb1268 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -285,7 +285,7 @@ in {
       systemd.tmpfiles.rules = [
         "d /opt/cni/bin 0755 root root -"
         "d /run/kubernetes 0755 kubernetes kubernetes -"
-        "d /var/lib/kubernetes 0755 kubernetes kubernetes -"
+        "d ${cfg.dataDir} 0755 kubernetes kubernetes -"
       ];
 
       users.users.kubernetes = {
@@ -294,6 +294,7 @@ in {
         group = "kubernetes";
         home = cfg.dataDir;
         createHome = true;
+        homeMode = "755";
       };
       users.groups.kubernetes.gid = config.ids.gids.kubernetes;
author	Joris Bolsens <joris@jojolabs.com>	2024-02-14 14:42:02 -0800
committer	Joris Bolsens <joris@jojolabs.com>	2024-02-15 23:11:59 -0800
commit	81391bd22fe9c33c556563bab062da95ecdc15c0 (patch)
tree	46f8c47f5b90bab1928e1e447d8f58a6a1360fbf /nixos/modules/services/cluster
parent	6a11b7a77777eeea5f6f7ce062cba5d458a92875 (diff)