diff options
| author | Kevin Cox <kevincox@kevincox.ca> | 2022-03-22 08:10:01 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-22 08:10:01 -0400 |
| commit | 954f445608833d7e6b17ea9332e473556a282a69 (patch) | |
| tree | 881f9ba4e0072e256dabab0eec6658f14bea3ea9 /pkgs | |
| parent | 6ca7a970172ac1044b1ccf6bf6f448df50ec39b4 (diff) | |
| parent | 41d45d674a3460b4984c6e3917f7cf231d0ec386 (diff) | |
Merge pull request #165252 from Luflosi/ipfs-hardening
nixos/ipfs: add systemd hardening
Diffstat (limited to 'pkgs')
| -rw-r--r-- | pkgs/applications/networking/ipfs/default.nix | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/pkgs/applications/networking/ipfs/default.nix b/pkgs/applications/networking/ipfs/default.nix index 2cceddf0bd7c..f6285ae59beb 100644 --- a/pkgs/applications/networking/ipfs/default.nix +++ b/pkgs/applications/networking/ipfs/default.nix @@ -29,15 +29,23 @@ buildGoModule rec { vendorSha256 = null; + outputs = [ "out" "systemd_unit" "systemd_unit_hardened" ]; + + postPatch = '' + substituteInPlace 'misc/systemd/ipfs.service' \ + --replace '/usr/bin/ipfs' "$out/bin/ipfs" + substituteInPlace 'misc/systemd/ipfs-hardened.service' \ + --replace '/usr/bin/ipfs' "$out/bin/ipfs" + ''; + postInstall = '' - install --mode=444 -D misc/systemd/ipfs.service $out/etc/systemd/system/ipfs.service - install --mode=444 -D misc/systemd/ipfs-hardened.service $out/etc/systemd/system/ipfs-hardened.service - install --mode=444 -D misc/systemd/ipfs-api.socket $out/etc/systemd/system/ipfs-api.socket - install --mode=444 -D misc/systemd/ipfs-gateway.socket $out/etc/systemd/system/ipfs-gateway.socket - substituteInPlace $out/etc/systemd/system/ipfs.service \ - --replace /usr/bin/ipfs $out/bin/ipfs - substituteInPlace $out/etc/systemd/system/ipfs-hardened.service \ - --replace /usr/bin/ipfs $out/bin/ipfs + install --mode=444 -D 'misc/systemd/ipfs-api.socket' "$systemd_unit/etc/systemd/system/ipfs-api.socket" + install --mode=444 -D 'misc/systemd/ipfs-gateway.socket' "$systemd_unit/etc/systemd/system/ipfs-gateway.socket" + install --mode=444 -D 'misc/systemd/ipfs.service' "$systemd_unit/etc/systemd/system/ipfs.service" + + install --mode=444 -D 'misc/systemd/ipfs-api.socket' "$systemd_unit_hardened/etc/systemd/system/ipfs-api.socket" + install --mode=444 -D 'misc/systemd/ipfs-gateway.socket' "$systemd_unit_hardened/etc/systemd/system/ipfs-gateway.socket" + install --mode=444 -D 'misc/systemd/ipfs-hardened.service' "$systemd_unit_hardened/etc/systemd/system/ipfs.service" ''; meta = with lib; { |