From 2febc7dd79653114eae54e27c9be215fe53b7ce5 Mon Sep 17 00:00:00 2001
From: Jörg Thalheim
Date: Sun, 9 Jan 2022 08:33:56 +0100
Subject: nixos/ddclient: don't store config world-readable
---
 nixos/modules/services/networking/ddclient.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index 8a2c0fc7080..f5335406854 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -29,7 +29,7 @@ let
 configFile = if (cfg.configFile != null) then cfg.configFile else configFile';

 preStart = ''
- install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
+ install --owner ddclient -m600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
 ${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then ''
 password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
 sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf
-- cgit 1.4.1
From 51967ca77a23215df766a4cf72a56ac219e49d2a Mon Sep 17 00:00:00 2001
From: Jörg Thalheim
Date: Sun, 9 Jan 2022 08:38:00 +0100
Subject: nixos/ddclient: better default for nsupdate
---
 nixos/modules/services/networking/ddclient.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index f5335406854..0bb8c87b38e 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -13,7 +13,7 @@ let
 foreground=YES
 use=${cfg.use}
 login=${cfg.username}
- password=
+ password=${lib.optionalString (cfg.protocol == "nsupdate") "/run/${RuntimeDirectory}/ddclient.key"}
 protocol=${cfg.protocol}
 ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
 ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
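Review bot: In the first commit's preStart hunk the copied config is now mode 600, but the unchanged lines below it still expand the secret into sed's argument list (`sed -i "s|^password=$|password=$password|" …`), which other local users can read from the process table while sed runs unless /proc is restricted. The same expansion means a password containing `|`, `&` or `\` is interpreted by sed instead of being written literally, because `printf "%q"` quotes for the shell, not for a sed replacement. A helper that reads the secret from the file itself (nixpkgs ships `replace-secret` for this) would close both gaps. `install --owner ddclient` also assumes preStart runs with the privilege to chown and that the `ddclient` user resolves at that point; the unit definition is outside the hunk, so that is worth confirming. The same sed lines appear again as context in the second commit's `@@ -30,7 +30,9 @@` hunk.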
@@ -30,7 +30,9 @@ let

 preStart = ''
 install --owner ddclient -m600 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
- ${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then ''
+ ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
+ install --owner ddclient -m600 ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
+ '' else if (cfg.passwordFile != null) then ''
 password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
 sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf
 '' else ''
@@ -85,7 +87,9 @@ with lib;
 };

 username = mkOption {
- default = "";
+ # For `nsupdate` username contains the path to the nsupdate executable
+ default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
+ defaultText = "";
 type = str;
 description = ''
 User name.
@@ -96,7 +100,7 @@ with lib;
 default = null;
 type = nullOr str;
 description = ''
- A file containing the password.
+ A file containing the password or a TSIG key in named format when using the nsupdate protocol.
 '';
 };

-- cgit 1.4.1
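Review bot: The new nsupdate branch in the `@@ -30,7 +30,9 @@` hunk interpolates `${cfg.passwordFile}` without the null check the following branch has, and the option's default is `null` (visible in the last hunk), so `protocol = "nsupdate"` without a key file fails at evaluation with a coercion error instead of a readable message. An entry in the module's `assertions` such as `{ assertion = cfg.protocol != "nsupdate" || cfg.passwordFile != null; message = "services.ddclient.passwordFile must be set for the nsupdate protocol"; }` would make the requirement explicit; the assertions list, if the module has one, is outside the hunk. The path is also passed to `install` unquoted, unlike the quoted use in the `head -n 1` line, so `${lib.escapeShellArg cfg.passwordFile}` would keep paths with spaces or shell metacharacters intact.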
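Review bot: In the `@@ -85,7 +87,9 @@` hunk, `defaultText = "";` hides the new conditional default from the generated option documentation, and the fact that `username` holds an executable path under nsupdate is recorded only in a source comment that users of the option never see. I would set `defaultText` to a `literalExpression` that spells out the nsupdate case, and extend the description to something like `User name. For the nsupdate protocol this is the path to the nsupdate executable.` The option body continues outside the hunk.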