From 8317663b9427ef021e917bde6c6c9d6ff05e240c Mon Sep 17 00:00:00 2001 From: Peter Hoeg Date: Wed, 10 Jul 2019 21:29:25 +0800 Subject: nixos/syncthing: do not use nogroup We were already creating a group for the user under which to run syncthing but we were defaulting to running as `nogroup`. Additionally, use `install` instead of multiple calls to mkdir/cp/chown. --- nixos/modules/services/networking/syncthing.nix | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix index d78a54a3327..8148139c3a8 100644 --- a/nixos/modules/services/networking/syncthing.nix +++ b/nixos/modules/services/networking/syncthing.nix @@ -291,7 +291,7 @@ in { group = mkOption { type = types.str; - default = "nogroup"; + default = defaultUser; description = '' Syncthing will be run under this group (group will not be created if it doesn't exist. This can be your user name). @@ -403,18 +403,12 @@ in { Group = cfg.group; ExecStartPre = mkIf (cfg.declarative.cert != null || cfg.declarative.key != null) "+${pkgs.writers.writeBash "syncthing-copy-keys" '' - mkdir -p ${cfg.configDir} - chown ${cfg.user}:${cfg.group} ${cfg.configDir} - chmod 700 ${cfg.configDir} + install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir} ${optionalString (cfg.declarative.cert != null) '' - cp ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem - chown ${cfg.user}:${cfg.group} ${cfg.configDir}/cert.pem - chmod 400 ${cfg.configDir}/cert.pem + install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem ''} ${optionalString (cfg.declarative.key != null) '' - cp ${toString cfg.declarative.key} ${cfg.configDir}/key.pem - chown ${cfg.user}:${cfg.group} ${cfg.configDir}/key.pem - chmod 400 ${cfg.configDir}/key.pem + install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.key} ${cfg.configDir}/key.pem ''} ''}" ; -- cgit 1.4.1