authorPeter Hoeg <peter@hoeg.com>2019-07-10 21:29:25 +0800
committerPeter Hoeg <peter@hoeg.com>2019-07-10 21:29:25 +0800
commit8317663b9427ef021e917bde6c6c9d6ff05e240c (patch)
treef4d10ade04597750ba4965fca7c2ce0675b70cd5 /nixos/modules/services/networking/syncthing.nix
parentbeff2f8d75ef2c65017fb25e251337c6bb2e950d (diff)
nixos/syncthing: do not use nogroup
We were already creating a group for the user under which to run syncthing but
we were defaulting to running as `nogroup`.

Additionally, use `install` instead of multiple calls to mkdir/cp/chown.
Diffstat (limited to 'nixos/modules/services/networking/syncthing.nix')
-rw-r--r--nixos/modules/services/networking/syncthing.nix14
1 files changed, 4 insertions, 10 deletions
diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix
index d78a54a3327..8148139c3a8 100644
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@@ -291,7 +291,7 @@ in {
 
       group = mkOption {
         type = types.str;
-        default = "nogroup";
+        default = defaultUser;
         description = ''
           Syncthing will be run under this group (group will not be created if it doesn't exist.
           This can be your user name).
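Review bot: With `default = defaultUser;`, a configuration that sets `user` to another account and leaves `group` untouched now runs under a group named after the default user instead of `nogroup`, while the description still says the group is not created if it does not exist. The code that creates the group is outside this hunk; if it is conditioned on `cfg.user` being the default, such a configuration would reference a group that does not exist and the unit would fail to start, so that condition is worth checking against `cfg.group`. The description also has an unbalanced parenthesis and no longer matches the default. If it matches the module's behaviour, I would reword it along the lines of `Group to run Syncthing under. It is only created when left at the default; any other group must already exist.`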
@@ -403,18 +403,12 @@ in {
           Group = cfg.group;
           ExecStartPre = mkIf (cfg.declarative.cert != null || cfg.declarative.key != null)
             "+${pkgs.writers.writeBash "syncthing-copy-keys" ''
-              mkdir -p ${cfg.configDir}
-              chown ${cfg.user}:${cfg.group} ${cfg.configDir}
-              chmod 700 ${cfg.configDir}
+              install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir}
               ${optionalString (cfg.declarative.cert != null) ''
-                cp ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem
-                chown ${cfg.user}:${cfg.group} ${cfg.configDir}/cert.pem
-                chmod 400 ${cfg.configDir}/cert.pem
+                install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem
               ''}
               ${optionalString (cfg.declarative.key != null) ''
-                cp ${toString cfg.declarative.key} ${cfg.configDir}/key.pem
-                chown ${cfg.user}:${cfg.group} ${cfg.configDir}/key.pem
-                chmod 400 ${cfg.configDir}/key.pem
+                install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.key} ${cfg.configDir}/key.pem
               ''}
             ''}"
           ;
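Review bot: The three `install` lines interpolate `cfg.user`, `cfg.group`, `cfg.configDir` and the cert/key paths unquoted into a script that the `+` prefix runs with full privileges, so a value containing spaces or shell metacharacters is word-split or interpreted by bash as root. Quote each interpolation, e.g. `install -dm700 -o ${escapeShellArg cfg.user} -g ${escapeShellArg cfg.group} ${escapeShellArg cfg.configDir}` (assuming `lib` is in scope here, which the hunk does not show), and do the same on the `cert.pem` and `key.pem` lines. `-D` on those two lines is redundant after the `-d` call, and if the directory were ever missing it would create the parent with default permissions rather than 700; `-m400` alone is enough. The enclosing `serviceConfig` block starts and ends outside the hunk.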