From 95aeff8cdcd35cf5bcfdd08c7c28618c6d579f02 Mon Sep 17 00:00:00 2001 From: Ginger Date: Fri, 29 Aug 2025 12:16:21 -0400 Subject: [PATCH 1/2] Set the DB path as an env var in systemd service files to prevent footgunning --- arch/conduwuit.service | 1 + debian/conduwuit.service | 1 + fedora/conduwuit.service | 1 + src/core/config/mod.rs | 6 ++++-- 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/arch/conduwuit.service b/arch/conduwuit.service index 34c3995e..18c34f33 100644 --- a/arch/conduwuit.service +++ b/arch/conduwuit.service @@ -20,6 +20,7 @@ StandardError=journal+console Environment="CONTINUWUITY_LOG_TO_JOURNALD=true" Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N" +Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit" TTYReset=yes # uncomment to allow buffer to be cleared every restart diff --git a/debian/conduwuit.service b/debian/conduwuit.service index da78f09f..ec2505b5 100644 --- a/debian/conduwuit.service +++ b/debian/conduwuit.service @@ -16,6 +16,7 @@ Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml" Environment="CONTINUWUITY_LOG_TO_JOURNALD=true" Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N" +Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit" ExecStart=/usr/sbin/conduwuit diff --git a/fedora/conduwuit.service b/fedora/conduwuit.service index 6ab2af46..f37c7798 100644 --- a/fedora/conduwuit.service +++ b/fedora/conduwuit.service @@ -15,6 +15,7 @@ Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml" Environment="CONTINUWUITY_LOG_TO_JOURNALD=true" Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N" +Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit" ExecStart=/usr/bin/conduwuit diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs index e8518ed4..58a39a75 100644 --- a/src/core/config/mod.rs +++ b/src/core/config/mod.rs @@ -126,9 +126,11 @@ pub struct Config { /// This is the only directory where continuwuity will save its data, /// including media. Note: this was previously "/var/lib/matrix-conduit". /// - /// YOU NEED TO EDIT THIS. + /// YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a `systemd` service. + /// The service file sets it to `/var/lib/conduwuit` using an environment variable + /// and also grants write access. /// - /// example: "/var/lib/continuwuity" + /// example: "/var/lib/conduwuit" pub database_path: PathBuf, /// continuwuity supports online database backups using RocksDB's Backup From 99b44bbf0946b1ad426ed0bf719674300576721c Mon Sep 17 00:00:00 2001 From: Ginger Date: Fri, 29 Aug 2025 12:30:48 -0400 Subject: [PATCH 2/2] Update conduwuit-example.toml --- conduwuit-example.toml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/conduwuit-example.toml b/conduwuit-example.toml index f0e510b4..fa65cbf2 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -79,9 +79,11 @@ # This is the only directory where continuwuity will save its data, # including media. Note: this was previously "/var/lib/matrix-conduit". # -# YOU NEED TO EDIT THIS. +# YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a `systemd` service. +# The service file sets it to `/var/lib/conduwuit` using an environment variable +# and also grants write access. # -# example: "/var/lib/continuwuity" +# example: "/var/lib/conduwuit" # #database_path =