From cf7041c5ad2c02f87cbbea0ad71efb53ba5d7517 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Wed, 11 Aug 2021 16:52:13 +0000
Subject: [PATCH] Move existing database if it exists
---
 nixos/modules/issuer.nix | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 409f468a..eac52e1e 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -170,6 +170,21 @@ in {
 serviceConfig.StateDirectory = "zkapissuer";
 serviceConfig.StateDirectoryMode = "0750";
+ # Move the DB from its former (root-owned) location if it exists.
+ # The "--verbose" option for cp and "--changes" for chown mean the
+ # tools will report if they to something, and stay silent if not.
+ # https://www.freedesktop.org/software/systemd/man/systemd.service.html#Command%20lines
+ # > If the executable path is prefixed with "-", an exit code of the
+ # > command normally considered a failure (i.e. non-zero exit status or
+ # > abnormal exit due to signal) is recorded, but has no further effect
+ # > and is considered equivalent to success.
+ # [...]
+ # > If the executable path is prefixed with "+" then the process is executed with full privileges.
+ serviceConfig.ExecStartPre = [
+ "-+${pkgs.coreutils}/bin/cp --update --verbose /var/db/vouchers.sqlite3 /var/lib/zkapissuer/vouchers.sqlite3"
+ "-+${pkgs.coreutils}/bin/chown --changes zkapissuer:zkapissuer /var/lib/zkapissuer/vouchers.sqlite3"
+ ];
+
 script = let # Compute the right command line arguments to pass to it. The
--
GitLab
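Review bot: The new `ExecStartPre` pair copies rather than moves: `cp --update` leaves the root-owned `/var/db/vouchers.sqlite3` in place and is re-evaluated with full privileges on every start, so any later change to the old file's mtime would overwrite the live voucher database. A one-time `mv --no-clobber --verbose /var/db/vouchers.sqlite3 /var/lib/zkapissuer/vouchers.sqlite3` would match the commit subject and never replace an existing destination. The `-` prefix also hides real failures (full disk, I/O error), not only the missing-source case, so the issuer could start on an empty database without the unit failing. Both commands run as root on a path inside the state directory, which the service user presumably owns (the rest of the unit, including any `User=` setting, lies outside this hunk), so `chown --no-dereference --changes zkapissuer:zkapissuer …` would keep a symlink at the destination from redirecting the ownership change. Minor: the added comment reads "if they to something" where "do" is meant.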