From 87fefcae2ab6be02d45df9a0bd65d10fd6c2a0a8 Mon Sep 17 00:00:00 2001
From: eyjhb <eyjhbb@gmail.com>
Date: Fri, 9 Aug 2024 21:11:10 +0200
Subject: [PATCH] state: add systemd.tmpfiles.rules for `/var/lib/private`

---
 shared/modules/state.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/shared/modules/state.nix b/shared/modules/state.nix
index 10264a7..ca49cba 100644
--- a/shared/modules/state.nix
+++ b/shared/modules/state.nix
@@ -29,5 +29,12 @@ in {
         ];
       };
     };
+
+    # fixes the following error, when trying to use impermanence
+    # in `/var/lib/private`, which is needed for DynamicUser.
+    # Error: Directory "/var/lib/private" already exists, but has mode 0755 that is too permissive (0700 was requested), refusing.
+    systemd.tmpfiles.rules = [
+        "d /var/lib/private 0700 root root - -"
+    ];
   };
 }