From 636d3d98a6a7f29394a1ac9add35b1dc9674acb9 Mon Sep 17 00:00:00 2001
From: xenia
Date: Tue, 9 Apr 2024 16:12:49 -0400
Subject: [PATCH] ghidra-server: fixup /var/lib/ghidra-server perms
---
 modules/ghidra-server/default.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/ghidra-server/default.nix b/modules/ghidra-server/default.nix
index 3da9112..8299949 100644
--- a/modules/ghidra-server/default.nix
+++ b/modules/ghidra-server/default.nix
@@ -40,7 +40,6 @@ let cfg = config.services.ghidra-server; in {
 isSystemUser = true;
 home = cfg.directory;
 group = cfg.group;
- createHome = true;
 packages = [ cfg.package cfg.jdkPackage ];
 };
@@ -69,6 +68,13 @@ let cfg = config.services.ghidra-server; in {
 Group = cfg.group;
 SuccessExitStatus = 143;
+ # use StateDirectory to create home dir and additional needed dirs with overridden
+ # permissions when the unit starts
+ # this is needed because we'd like the group (ghidra) to have write access to the
+ # directories here, particularly ~admin
+ StateDirectory = "${cfg.directory} ${cfg.directory}/repositories ${cfg.directory}/repositories/~admin";
+ StateDirectoryMode = "0770";
+ PrivateTmp = true;
 NoNewPrivileges = true;
 };
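Review bot: `StateDirectory=` is documented to take only names relative to /var/lib, so if `cfg.directory` is an absolute path (the subject suggests /var/lib/ghidra-server; its definition is outside the hunk) systemd is expected to reject the three entries added in the second hunk. With `createHome = true` dropped in the first hunk, nothing would then create the directory. Passing relative names, e.g. `StateDirectory = "ghidra-server ghidra-server/repositories ghidra-server/repositories/~admin";`, or deriving them from `cfg.directory` and asserting that it lives under /var/lib, would avoid that. `StateDirectoryMode = "0770"` also covers only the listed directories, so whether files the server later creates beneath them are group-writable depends on the service's umask, which is not visible here. The serviceConfig block starts outside the hunk.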