diff options
| author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2021-05-04 11:43:12 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-04 11:43:12 +0200 |
| commit | 93c5837be5952bf17d21636a6d0684f094e0e6a8 (patch) | |
| tree | 9653400e0831defe58937ffc2d82eda3e4042e43 /nixos | |
| parent | 741ed21beaa16701ea740e0508b59c1496f42b5c (diff) | |
| parent | 9ea6c1979cb02644c8df8ad4262e9cc0dc024c09 (diff) | |
| download | nixpkgs-93c5837be5952bf17d21636a6d0684f094e0e6a8.tar nixpkgs-93c5837be5952bf17d21636a6d0684f094e0e6a8.tar.gz nixpkgs-93c5837be5952bf17d21636a6d0684f094e0e6a8.tar.bz2 nixpkgs-93c5837be5952bf17d21636a6d0684f094e0e6a8.tar.lz nixpkgs-93c5837be5952bf17d21636a6d0684f094e0e6a8.tar.xz nixpkgs-93c5837be5952bf17d21636a6d0684f094e0e6a8.tar.zst nixpkgs-93c5837be5952bf17d21636a6d0684f094e0e6a8.zip | |
Merge pull request #121512 from rnhmjoj/searx
searx: set settings.yml permissions using umask
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/searx.nix | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/nixos/modules/services/networking/searx.nix b/nixos/modules/services/networking/searx.nix index a515e4a3dc3..04f7d7e31f4 100644 --- a/nixos/modules/services/networking/searx.nix +++ b/nixos/modules/services/networking/searx.nix @@ -4,23 +4,25 @@ with lib; let runDir = "/run/searx"; + cfg = config.services.searx; + settingsFile = pkgs.writeText "settings.yml" + (builtins.toJSON cfg.settings); + generateConfig = '' cd ${runDir} # write NixOS settings as JSON - cat <<'EOF' > settings.yml - ${builtins.toJSON cfg.settings} - EOF + ( + umask 077 + cp --no-preserve=mode ${settingsFile} settings.yml + ) # substitute environment variables env -0 | while IFS='=' read -r -d ''' n v; do sed "s#@$n@#$v#g" -i settings.yml done - - # set strict permissions - chmod 400 settings.yml ''; settingType = with types; (oneOf |