Merge pull request #144895 from arcnmx/ddclient-privs

nixos/ddclient: password permission fixes
This commit is contained in:
Aaron Andersen 2021-11-06 12:17:01 -04:00 committed by GitHub
commit a97d32da9c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -28,6 +28,16 @@ let
'';
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
preStart = ''
install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then ''
password=$(head -n 1 ${cfg.passwordFile})
sed -i "s/^password=$/password=$password/" /run/${RuntimeDirectory}/ddclient.conf
'' else ''
sed -i '/^password=$/d' /run/${RuntimeDirectory}/ddclient.conf
'')}
'';
in
with lib;
@ -57,6 +67,15 @@ with lib;
'';
};
package = mkOption {
type = package;
default = pkgs.ddclient;
defaultText = "pkgs.ddclient";
description = ''
The ddclient executable package run by the service.
'';
};
domains = mkOption {
default = [ "" ];
type = listOf str;
@ -195,20 +214,13 @@ with lib;
serviceConfig = {
DynamicUser = true;
RuntimeDirectoryMode = "0700";
inherit RuntimeDirectory;
inherit StateDirectory;
Type = "oneshot";
ExecStart = "${lib.getBin pkgs.ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
};
preStart = ''
install -m 600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
${optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then ''
password=$(head -n 1 ${cfg.passwordFile})
sed -i "s/^password=$/password=$password/" /run/${RuntimeDirectory}/ddclient.conf
'' else ''
sed -i '/^password=$/d' /run/${RuntimeDirectory}/ddclient.conf
'')}
'';
};
systemd.timers.ddclient = {