Systemd config `ProtectSystem=full` prevents migrate_from_db
Environment
- Installation type (OTP or From Source): OTP
- Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.3.0-1-gb221d77a
- Elixir version (
elixir -vfor from source installations, N/A for OTP): N/A - Operating system: Ubuntu 20.04.1 LTS x86_64
- PostgreSQL version (
psql -V): psql (PostgreSQL) 12.6
Bug description
$ sudo -u pleroma ./bin/pleroma_ctl config migrate_from_db
** (File.Error) could not open "/etc/pleroma/prod.exported_from_db.secret.exs": read-only file system
(elixir 1.10.3) lib/file.ex:1441: File.open!/2
lib/mix/tasks/pleroma/config.ex:272: Mix.Tasks.Pleroma.Config.migrate_from_db/1
(stdlib 3.12.1) erl_eval.erl:680: :erl_eval.do_apply/6
(elixir 1.10.3) lib/code.ex:341: Code.eval_string_with_error_handling/3This is because ProtectSystem=full in pleroma.service mounts /etc/ as read-only for Pleroma, and changing it to ProtectSystem=true solves the problem.
I suppose that there can be some security considerations I'm not aware of, so I might suggest writing to some other places and asking the user to move it manually.