ghidra-server: fixup /var/lib/ghidra-server perms

modules/ghidra-server/default.nix

@@ -40,7 +40,6 @@ let cfg = config.services.ghidra-server; in {
       isSystemUser = true;
       home = cfg.directory;
       group = cfg.group;
-      createHome = true;
       packages = [ cfg.package cfg.jdkPackage ];
     };
 
@@ -69,6 +68,13 @@ let cfg = config.services.ghidra-server; in {
           Group = cfg.group;
           SuccessExitStatus = 143;
 
+          # use StateDirectory to create home dir and additional needed dirs with overridden
+          # permissions when the unit starts
+          # this is needed because we'd like the group (ghidra) to have write access to the
+          # directories here, particularly ~admin
+          StateDirectory = "${cfg.directory} ${cfg.directory}/repositories ${cfg.directory}/repositories/~admin";
+          StateDirectoryMode = "0770";
+
           PrivateTmp = true;
           NoNewPrivileges = true;
         };