gn-uploader: Change ownership of data-directory

While the share is technically writable from the container, the
service was running as an unprivileged user, and thus could not write
to the data-directory. This commit changes the ownership of the
data-directory to the same user that runs the service.

1 files changed, 6 insertions, 2 deletions

diff --git a/genenetwork/services/genenetwork.scm b/genenetwork/services/genenetwork.scm
index 9d503ab..af0c3fc 100644
--- a/genenetwork/services/genenetwork.scm
+++ b/genenetwork/services/genenetwork.scm
@@ -389,7 +389,7 @@ a @code{<genenetwork-configuration>} record."
 
 (define (gn-uploader-activation config)
   (match-record config <gn-uploader-configuration>
-    (secrets)
+    (secrets data-directory)
     (with-imported-modules '((guix build utils))
       #~(begin
           (use-modules (guix build utils))
@@ -400,7 +400,11 @@ a @code{<genenetwork-configuration>} record."
           ;; Set owner-only permissions on secrets files.
           (for-each (lambda (file)
                       (chmod file #o600))
-                    (list #$secrets))))))
+                    (list #$secrets))
+          ;; Let gn-uploader service own its data-directory
+          (chown #$data-directory
+                 (passwd:uid (getpw "gunicorn-gn-uploader"))
+                 (passwd:gid (getpw "gunicorn-gn-uploader")))))))
 
 (define (gn-uploader-gunicorn-app config)
   (match-record config <gn-uploader-configuration>