From 8bd6ffbc7abeb4106e1e1849adabdc5980865877 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Sun, 20 Jul 2025 16:53:44 +0200
Subject: [PATCH 1/4] Fix database privileges
Fixes psycopg2.errors.InsufficientPrivilege: permission denied for schema public
---
 nix/modules/fieldpoc.nix | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/nix/modules/fieldpoc.nix b/nix/modules/fieldpoc.nix
index 24462ad..bba2623 100644
--- a/nix/modules/fieldpoc.nix
+++ b/nix/modules/fieldpoc.nix
@@ -98,6 +98,11 @@ in {
 CREATE ROLE fieldpoc WITH LOGIN PASSWORD 'fieldpoc' CREATEDB;
 CREATE DATABASE fieldpoc;
 GRANT ALL PRIVILEGES ON DATABASE fieldpoc TO fieldpoc;
+
+ \connect fieldpoc
+ GRANT USAGE, CREATE ON SCHEMA public TO fieldpoc;
+
+ \connect postgres
 '';
 };
From abc8263e0225a8461dc3345cad054952e842a12f Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Sun, 20 Jul 2025 19:53:38 +0200
Subject: [PATCH 2/4] Force DHCP server to bind sockets and add restart policy to systemd service
---
 nix/modules/dhcp.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/nix/modules/dhcp.nix b/nix/modules/dhcp.nix
index 30e689a..05d7227 100644
--- a/nix/modules/dhcp.nix
+++ b/nix/modules/dhcp.nix
@@ -44,11 +44,17 @@ in {
 };
 config = mkIf cfg.enable {
+ systemd.services.kea-dhcp4-server.serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = 3;
+ };
+
 services.kea.dhcp4 = {
 enable = true;
 settings = {
 interfaces-config = {
 interfaces = [ cfg.interface ];
+ service-sockets-require-all = true;
 };
 option-def = [
 {
From 8894e4dd231ef3548a9d748340a87e7e88f42058 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Sun, 20 Jul 2025 20:41:12 +0200
Subject: [PATCH 3/4] Remove assignment of unused variable
---
 fieldpoc/dect.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/fieldpoc/dect.py b/fieldpoc/dect.py
index 43811ff..0229601 100644
--- a/fieldpoc/dect.py
+++ b/fieldpoc/dect.py
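Review bot: In the `nix/modules/fieldpoc.nix` SQL hunk of patch 1 (`@@ -98,6 +98,11`), the added `\connect fieldpoc` / `GRANT USAGE, CREATE ON SCHEMA public TO fieldpoc;` pair compensates for the role not owning its database. `CREATE DATABASE fieldpoc OWNER fieldpoc;` should give the same result on PostgreSQL 15+, where `public` belongs to `pg_database_owner`, without switching connections mid-script. The context line still creates the role with the literal password `'fieldpoc'` plus `CREATEDB`, and a literal in a Nix module presumably lands in the world-readable store, so the new schema rights are only as protected as network access to PostgreSQL. A comment such as `-- password is a known default: keep PostgreSQL reachable only locally, or use peer auth` would record that assumption. The enclosing string and attribute set start outside the hunk, so whether this script also runs on already-initialised clusters cannot be confirmed from here.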
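Review bot: In the `nix/modules/dhcp.nix` hunk of patch 2, `service-sockets-require-all = true;` and the new `Restart = "on-failure";` depend on each other, and nothing in the code says so. Kea is presumably made to fail when it cannot bind `cfg.interface`, and systemd is left to retry every 3 seconds. A comment on the `serviceConfig` block, e.g. `# kea fails if the interface is not ready (service-sockets-require-all); let systemd retry`, would stop someone removing one half later. Kea's own `service-sockets-max-retries` and `service-sockets-retry-wait-time` settings in `interfaces-config` are an alternative that avoids repeated unit failures in the journal; with a 3-second delay the retry is likely unbounded if the interface never appears, which is worth confirming as intended. The `config` block continues outside the hunk.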
@@ -27,7 +27,6 @@ class Dect:
 return next(self.fp.extensions.extensions_by_type("temp")).num
 def load_temp_extensions(self):
- current_temp_extension = 0
 used_temp_extensions = self.c.find_users(lambda u: u.num.startswith(self.temp_num_prefix))
 for u in used_temp_extensions:
 temp_num = u.num
From f490ba26d02efd458d7bdfdcce37a5f5b62ce485 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Sun, 20 Jul 2025 21:52:35 +0200
Subject: [PATCH 4/4] Fix RuntimeDirectoryMode
`config.json` inside the runtime directory contains secrets and should therefore not be world-readable.
---
 nix/modules/fieldpoc.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nix/modules/fieldpoc.nix b/nix/modules/fieldpoc.nix
index bba2623..18adc52 100644
--- a/nix/modules/fieldpoc.nix
+++ b/nix/modules/fieldpoc.nix
@@ -41,7 +41,7 @@ in {
 User = "fieldpoc";
 Group = "fieldpoc";
 RuntimeDirectory = "fieldpoc";
- RuntimeDirectoryMode = "0755";
+ RuntimeDirectoryMode = "0750";
 ConfigurationDirectory = "fieldpoc";
 StateDirectory = "fieldpoc";
 StateDirectoryMode = "0700";
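Review bot: In the `nix/modules/fieldpoc.nix` hunk of patch 4, `RuntimeDirectoryMode = "0750";` still lets every member of group `fieldpoc` enter the directory, and it makes the directory mode the only thing protecting `config.json`. The neighbouring `StateDirectoryMode = "0700";` suggests `RuntimeDirectoryMode = "0700";` is the consistent choice unless another group member has to read the runtime directory. How `config.json` is written is not visible in this hunk, so its own mode is unknown; creating it `0600`, or adding `UMask = "0077";` to the unit, would keep the secret protected even if the directory mode is loosened again later. The `serviceConfig` attribute set starts and ends outside the hunk.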