From b8c460073a32169098b6bfe4b827c83a4605d315 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Mon, 24 Jun 2024 23:47:16 -0700
Subject: [PATCH] Make /var/lib/nginx optional

So it's easier to reuse this in distros like Ubuntu

Signed-off-by: Tommy <contact@tommytran.io>
---
 etc/systemd/system/nginx.service.d/override.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/systemd/system/nginx.service.d/override.conf b/etc/systemd/system/nginx.service.d/override.conf
index 7346ff9..78e53a8 100644
--- a/etc/systemd/system/nginx.service.d/override.conf
+++ b/etc/systemd/system/nginx.service.d/override.conf
@@ -18,7 +18,7 @@ ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectProc=invisible
 ProtectSystem=strict
-ReadWritePaths=/var/lib/nginx /var/log/nginx -/var/cache/nginx
+ReadWritePaths=-/var/lib/nginx /var/log/nginx -/var/cache/nginx
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=true
 RestrictRealtime=true
@@ -27,4 +27,4 @@ RuntimeDirectory=nginx
 RuntimeDirectoryMode=700
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
-SystemCallFilter=~@obsolete
\ No newline at end of file
+SystemCallFilter=~@obsolete