diff options
author | nikstur <nikstur@outlook.com> | 2023-10-20 00:30:45 +0200 |
---|---|---|
committer | nikstur <nikstur@outlook.com> | 2023-10-26 01:44:20 +0200 |
commit | 6c800013bfe84e4f6a732337d7f88a161884cfcc (patch) | |
tree | a2e13d28503c5cd6377e16e58861656bda017975 | |
parent | 168b967b3224727f8789c1b9709f7c6821f26566 (diff) | |
download | nixpkgs-6c800013bfe84e4f6a732337d7f88a161884cfcc.tar nixpkgs-6c800013bfe84e4f6a732337d7f88a161884cfcc.tar.gz nixpkgs-6c800013bfe84e4f6a732337d7f88a161884cfcc.tar.bz2 nixpkgs-6c800013bfe84e4f6a732337d7f88a161884cfcc.tar.lz nixpkgs-6c800013bfe84e4f6a732337d7f88a161884cfcc.tar.xz nixpkgs-6c800013bfe84e4f6a732337d7f88a161884cfcc.tar.zst nixpkgs-6c800013bfe84e4f6a732337d7f88a161884cfcc.zip |
nixos/strongswan-swanctl: replace activationScripts via tmpfiles
-rw-r--r-- | nixos/modules/services/networking/strongswan-swanctl/module.nix | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/nixos/modules/services/networking/strongswan-swanctl/module.nix b/nixos/modules/services/networking/strongswan-swanctl/module.nix index c51e8ad9f5f..bfea8996972 100644 --- a/nixos/modules/services/networking/strongswan-swanctl/module.nix +++ b/nixos/modules/services/networking/strongswan-swanctl/module.nix @@ -43,21 +43,21 @@ in { # The swanctl command complains when the following directories don't exist: # See: https://wiki.strongswan.org/projects/strongswan/wiki/Swanctldirectory - system.activationScripts.strongswan-swanctl-etc = stringAfter ["etc"] '' - mkdir -p '/etc/swanctl/x509' # Trusted X.509 end entity certificates - mkdir -p '/etc/swanctl/x509ca' # Trusted X.509 Certificate Authority certificates - mkdir -p '/etc/swanctl/x509ocsp' - mkdir -p '/etc/swanctl/x509aa' # Trusted X.509 Attribute Authority certificates - mkdir -p '/etc/swanctl/x509ac' # Attribute Certificates - mkdir -p '/etc/swanctl/x509crl' # Certificate Revocation Lists - mkdir -p '/etc/swanctl/pubkey' # Raw public keys - mkdir -p '/etc/swanctl/private' # Private keys in any format - mkdir -p '/etc/swanctl/rsa' # PKCS#1 encoded RSA private keys - mkdir -p '/etc/swanctl/ecdsa' # Plain ECDSA private keys - mkdir -p '/etc/swanctl/bliss' - mkdir -p '/etc/swanctl/pkcs8' # PKCS#8 encoded private keys of any type - mkdir -p '/etc/swanctl/pkcs12' # PKCS#12 containers - ''; + systemd.tmpfiles.rules = [ + "d /etc/swanctl/x509 -" # Trusted X.509 end entity certificates + "d /etc/swanctl/x509ca -" # Trusted X.509 Certificate Authority certificates + "d /etc/swanctl/x509ocsp -" + "d /etc/swanctl/x509aa -" # Trusted X.509 Attribute Authority certificates + "d /etc/swanctl/x509ac -" # Attribute Certificates + "d /etc/swanctl/x509crl -" # Certificate Revocation Lists + "d /etc/swanctl/pubkey -" # Raw public keys + "d /etc/swanctl/private -" # Private keys in any format + "d /etc/swanctl/rsa -" # PKCS#1 encoded RSA private keys + "d /etc/swanctl/ecdsa -" # Plain ECDSA private keys + "d /etc/swanctl/bliss -" + "d /etc/swanctl/pkcs8 -" # PKCS#8 encoded private keys of any type + "d /etc/swanctl/pkcs12 -" # PKCS#12 containers + ]; systemd.services.strongswan-swanctl = { description = "strongSwan IPsec IKEv1/IKEv2 daemon using swanctl"; |