author | Symphorien Gibol <symphorien+git@xlumurb.eu> | 2020-02-13 12:00:00 +0000 |
---|---|---|
committer | Symphorien Gibol <symphorien+git@xlumurb.eu> | 2020-02-13 21:30:14 +0100 |
commit | 44fd320c0f083ea267ab3e69156f2e82c3912e60 (patch) | |
tree | 51ae56fd0c3034aece4d2daae100896ce4b5c98c /nixos/modules/services/networking/iodine.nix | |
parent | d2d5d89c2c30779ef6299d68fa8ef3f7d4fc1086 (diff) | |
nixos/iodine: protect passwordFiles with toString
It should prevent copying the files to a store path
Diffstat (limited to 'nixos/modules/services/networking/iodine.nix')
-rw-r--r-- | nixos/modules/services/networking/iodine.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/iodine.nix b/nixos/modules/services/networking/iodine.nix
index 63a6a4c0fb9..46051d7044b 100644
--- a/nixos/modules/services/networking/iodine.nix
+++ b/nixos/modules/services/networking/iodine.nix
@@ -132,7 +132,7 @@ in
 description = "iodine client - ${name}";
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
- script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
+ script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
 serviceConfig = {
 RestartSec = "30s";
 Restart = "always";
@@ -166,7 +166,7 @@ in
 description = "iodine, ip over dns server daemon";
 after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
- script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
+ script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
 serviceConfig = {
 # Filesystem access
 ProtectSystem = "strict"; |
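Review bot: The `builtins.toString` wrapper on the client unit's `script` line (and on the identical line in the server unit's hunk) only prevents the store copy while the option still holds a Nix path value at this interpolation; a value that was coerced earlier, for example a user writing `"${./secret}"`, is already a store path by the time it arrives here, and the password file is world-readable in the store regardless. Nothing visible in either hunk rejects that case, so an assertion that the string does not start with `builtins.storeDir`, or a warning in the option description (declared outside these hunks), would close the gap. A comment above each line would also keep the wrapper from being simplified away later, e.g. `# toString: interpolating a path value would copy the password file into the world-readable store`. Separately, the hand-written `\"…\"` quoting breaks on paths containing `"` or `$`; `lib.escapeShellArg` is the safer form, assuming `lib` is in scope in this file.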