diff options
Diffstat (limited to 'nixos/modules/services/networking/wireguard.nix')
| -rw-r--r-- | nixos/modules/services/networking/wireguard.nix | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/nixos/modules/services/networking/wireguard.nix b/nixos/modules/services/networking/wireguard.nix index 6d4d8d617d2..471f4bf8b33 100644 --- a/nixos/modules/services/networking/wireguard.nix +++ b/nixos/modules/services/networking/wireguard.nix @@ -271,12 +271,15 @@ let }; script = '' - mkdir --mode 0644 -p "${dirOf values.privateKeyFile}" + set -e + + # If the parent dir does not already exist, create it. + # Otherwise, does nothing, keeping existing permisions intact. + mkdir -p --mode 0755 "${dirOf values.privateKeyFile}" + if [ ! -f "${values.privateKeyFile}" ]; then - touch "${values.privateKeyFile}" - chmod 0600 "${values.privateKeyFile}" - wg genkey > "${values.privateKeyFile}" - chmod 0400 "${values.privateKeyFile}" + # Write private key file with atomically-correct permissions. + (set -e; umask 077; wg genkey > "${values.privateKeyFile}") fi ''; }; |