diff options
| author | Aaron Andersen <aaron@fosslib.net> | 2021-11-06 12:17:01 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-06 12:17:01 -0400 |
| commit | a97d32da9c5f9a10902cddcd0377e9a5ceeb2810 (patch) | |
| tree | 286c8cd47d1634afa3e15d885a7a32c7b2d801c1 /nixos | |
| parent | c6c29d5845a0f4691e019471b60033c26a5a6d53 (diff) | |
| parent | cdd385510a69ada4a0c6b3e2348ad6aa4b88344e (diff) | |
Merge pull request #144895 from arcnmx/ddclient-privs
nixos/ddclient: password permission fixes
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/ddclient.nix | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 833b0cbcdcf7..fd9c216b0602 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -28,6 +28,16 @@ let ''; configFile = if (cfg.configFile != null) then cfg.configFile else configFile'; + preStart = '' + install ${configFile} /run/${RuntimeDirectory}/ddclient.conf + ${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then '' + password=$(head -n 1 ${cfg.passwordFile}) + sed -i "s/^password=$/password=$password/" /run/${RuntimeDirectory}/ddclient.conf + '' else '' + sed -i '/^password=$/d' /run/${RuntimeDirectory}/ddclient.conf + '')} + ''; + in with lib; @@ -57,6 +67,15 @@ with lib; ''; }; + package = mkOption { + type = package; + default = pkgs.ddclient; + defaultText = "pkgs.ddclient"; + description = '' + The ddclient executable package run by the service. + ''; + }; + domains = mkOption { default = [ "" ]; type = listOf str; @@ -195,20 +214,13 @@ with lib; serviceConfig = { DynamicUser = true; + RuntimeDirectoryMode = "0700"; inherit RuntimeDirectory; inherit StateDirectory; Type = "oneshot"; - ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; - }; - preStart = '' - install -m 600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf - ${optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then '' - password=$(head -n 1 ${cfg.passwordFile}) - sed -i "s/^password=$/password=$password/" /run/${RuntimeDirectory}/ddclient.conf - '' else '' - sed -i '/^password=$/d' /run/${RuntimeDirectory}/ddclient.conf - '')} - ''; + ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}"; + ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; + }; }; systemd.timers.ddclient = { |