nixos/paperless: Enable UMask now that it works (#240010)

According to https://github.com/NixOS/nixpkgs/issues/147599#issuecomment-1272286679 the bug that prevented this UMask directive from working has been fixed in systemd, so it should be safe to use now. This stops paperless-ngx from making everything world-readable on disk, but it does not change permissions of any files previously created.
2023-06-28 10:48:25 -04:00 · 2023-06-28 10:48:25 -04:00 · 211d94d70b
commit 211d94d70b
parent e9782f715d
1 changed files with 1 additions and 2 deletions
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
@ -86,8 +86,7 @@ let
    SupplementaryGroups = optional enableRedis redisServer.user;
    SystemCallArchitectures = "native";
    SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
-    # Does not work well with the temporary root
-    #UMask = "0066";
+    UMask = "0066";
  };
 in
 {