From 05deb5b97932ec9fdf3e593296a53d3d8582a3bc Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sat, 10 Feb 2024 01:40:04 +0000
Subject: [PATCH] fix paperless permissions with umask

instead of running a systemd service timer
---
 modules/nixos/services/paperless.nix | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/modules/nixos/services/paperless.nix b/modules/nixos/services/paperless.nix
index 5671f67..75705e1 100644
--- a/modules/nixos/services/paperless.nix
+++ b/modules/nixos/services/paperless.nix
@@ -48,23 +48,12 @@
       before = [ "paperless.service" ];
     };
 
-    # Fix permissions on a regular schedule
-    systemd.timers.paperless-permissions = {
-      timerConfig = {
-        OnCalendar = "*-*-* *:0/5"; # Every 5 minutes
-        Unit = "paperless-permissions.service";
-      };
-      wantedBy = [ "timers.target" ];
-    };
-
     # Fix paperless shared permissions
-    systemd.services.paperless-permissions = {
-      description = "Allow group access to paperless files";
-      serviceConfig = { Type = "oneshot"; };
-      script = ''
-        find ${config.services.paperless.mediaDir} -type f -exec chmod 640 -- {} +
-      '';
-    };
+    systemd.services.paperless-web.serviceConfig.UMask = lib.mkForce "0026";
+    systemd.services.paperless-scheduler.serviceConfig.UMask =
+      lib.mkForce "0026";
+    systemd.services.paperless-task-queue.serviceConfig.UMask =
+      lib.mkForce "0026";
 
   };