author | Aaron Andersen <aaron@fosslib.net> | 2019-02-24 07:53:36 -0500 |
---|---|---|
committer | Aaron Andersen <aaron@fosslib.net> | 2019-04-13 07:01:01 -0400 |
commit | a1c48c3f630813046bc022493bf60d5bb9097d10 (patch) | |
tree | 7ee0eb6bd409d6b5705a58d55eb8b56652206716 /nixos/modules/services/security | |
parent | 053c9a799296b93a5e310b7fcb12b4e0708fe799 (diff) | |
nixos/vault: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r-- | nixos/modules/services/security/vault.nix | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix
index 0b28bc89445..8176c168ca9 100644
--- a/nixos/modules/services/security/vault.nix
+++ b/nixos/modules/services/security/vault.nix
@@ -119,6 +119,10 @@ in
 };
 users.groups.vault.gid = config.ids.gids.vault;
+ systemd.tmpfiles.rules = optional (cfg.storagePath != null) [
+ "d '${cfg.storagePath}' 0700 vault vault - -"
+ ];
+
 systemd.services.vault = {
 description = "Vault server daemon";
@@ -128,14 +132,9 @@ in
 restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients.
- preStart = optionalString (cfg.storagePath != null) ''
- install -d -m0700 -o vault -g vault "${cfg.storagePath}"
- '';
-
 serviceConfig = {
 User = "vault";
 Group = "vault";
- PermissionsStartOnly = true;
 ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
 PrivateDevices = true;
 PrivateTmp = true; |
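Review bot: In the first hunk, `optional (cfg.storagePath != null) [ ... ]` wraps a value that is already a list, so when a storage path is set the option evaluates to a list containing a list, while `systemd.tmpfiles.rules` is presumably typed as a list of strings. Either drop the brackets, `systemd.tmpfiles.rules = optional (cfg.storagePath != null) "d '${cfg.storagePath}' 0700 vault vault - -";`, or keep the list and use `optionals`. This matters beyond evaluation: with `preStart` and `PermissionsStartOnly` removed in the second hunk, this rule is the only thing left that creates the storage directory with mode 0700 and vault ownership before the unprivileged service starts. A NixOS test that sets `storagePath` would confirm both the evaluation and the resulting permissions.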