From d111304d71d0f9fc0240565ef00a1126431c7fe4 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas <foo.dogsquared@gmail.com>
Date: Tue, 5 Jul 2022 22:17:43 +0800
Subject: [PATCH] nixos/services: add path assertions

---
 modules/nixos/services/gallery-dl.nix | 4 ++++
 modules/nixos/services/yt-dlp.nix     | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/modules/nixos/services/gallery-dl.nix b/modules/nixos/services/gallery-dl.nix
index c236d7d3..80b44757 100644
--- a/modules/nixos/services/gallery-dl.nix
+++ b/modules/nixos/services/gallery-dl.nix
@@ -166,6 +166,10 @@ in {
           SystemCallFilter = "@system-service";
           SystemCallErrorNumber = "EPERM";
         };
+        unitConfig = {
+          AssertPathIsReadWrite = cfg.archivePath;
+          AssertPathIsDirectory = cfg.archivePath;
+        };
       }) cfg.jobs;
   };
 }
diff --git a/modules/nixos/services/yt-dlp.nix b/modules/nixos/services/yt-dlp.nix
index 1d0cd377..a95fcaa0 100644
--- a/modules/nixos/services/yt-dlp.nix
+++ b/modules/nixos/services/yt-dlp.nix
@@ -111,6 +111,8 @@ in {
     };
   };
 
+  # There's no need to go to the working directory since yt-dlp has the
+  # `--paths` flag.
   config = lib.mkIf cfg.enable {
     systemd.services = lib.mapAttrs' (name: value:
       lib.nameValuePair "yt-dlp-archive-service-${name}" {
@@ -142,6 +144,10 @@ in {
           SystemCallFilter = "@system-service";
           SystemCallErrorNumber = "EPERM";
         };
+        unitConfig = {
+          AssertPathIsReadWrite = cfg.archivePath;
+          AssertPathIsDirectory = cfg.archivePath;
+        };
       }) cfg.jobs;
   };
 }