From 13ea009fec42a3c206d3397306be36510c6a61c0 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Thu, 25 Jan 2024 09:57:04 -0800
Subject: [PATCH] Make things not readonly

---
 lemmy-container.nix | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lemmy-container.nix b/lemmy-container.nix
index fa71760..f794ae0 100644
--- a/lemmy-container.nix
+++ b/lemmy-container.nix
@@ -67,14 +67,17 @@ in {
         hostPort = cfg.port;
         containerPort = 80;
       }];
-      ## Does ephemeral mean read-only?
-      # ephemeral = true;
+      ephemeral = true;
       bindMounts = {
         "/var/lib/postgres/data" = {
           hostPath = "${cfg.state-directory}/postgres";
+          isReadOnly = false;
         };
-        "/var/lib/private" = { hostPath = "${cfg.state-directory}/pictrs"; };
-        "${cfg.admin-password-file}" = {
+        "/var/lib/private" = {
+          hostPath = "${cfg.state-directory}/pictrs";
+          isReadOnly = false;
+        };
+        "/run/lemmy-container/admin.passwd" = {
           isReadOnly = true;
           hostPath = cfg.admin-password-file;
         };
@@ -90,7 +93,7 @@ in {
           lemmy = {
             enable = true;
             database.createLocally = true;
-            adminPasswordFile = cfg.admin-password-file;
+            adminPasswordFile = "/run/lemmy-container/admin.passwd";
             nginx.enable = true;
             server.package = cfg.server-package;
             settings = {