From efe0c0169626f509938c479e29191b15a36834b4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 21 Nov 2021 15:18:52 +0100
Subject: ymir: ...

---
 custom/ymir-nginx.nix | 2 +-
 ymir.nix              | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index eece8ffb..bc4e0a78 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -250,7 +250,7 @@ in {
 
         server_name ~^ftp\.(yggdrasil\.li|141\.li|praseodym\.org)$;
 
-        client_body_temp_path /tmp/webdav;
+        client_body_temp_path /run/nginx/webdav;
 
         location / {
           root /srv/ftp/$remote_user;
diff --git a/ymir.nix b/ymir.nix
index ee540b59..cf8f43a6 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -813,14 +813,15 @@ in rec {
   systemd.services."acme-yggdrasil.li" = {
     requires = [ "nginx.service" ]; 
     serviceConfig = {
-      ReadWritePaths = [ "/srv/www/acme" "/tmp/webdav" ];
+      ReadWritePaths = [ "/srv/www/acme" ];
+      RuntimeDirectory = [ "nginx/webdav" ];
+      RuntimeDirectoryMode = "0700";
     };
   };
   systemd.tmpfiles.rules
     = let mkAcmeDir = domain: "d /srv/www/acme 0775 root ssl 10d -";
       in map mkAcmeDir myDomains ++ [
         "L /etc/nixos - - - - /root/nixos"
-        "d /tmp/webdav 0700 nginx nginx 1h"
       ];
 
   services.uucp = {
-- 
cgit v1.2.3