author | Joachim F <joachifm@users.noreply.github.com> | 2017-09-06 15:44:04 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-06 15:44:04 +0000 |
commit | 9bb400573c5c5839f6418b7574e985d711ab922b (patch) | |
tree | 9fe19f9f0047dada545f8c768957d153d57bedcd | |
parent | 9405bc22f63537058594bcf86c90b96321e2a13f (diff) | |
parent | ca54a8616274b0149ce5c77808370f9114229adb (diff) | |
Merge pull request #29050 from makefu/module/dnscrypt-wrapper/fix
dnscrypt-wrapper module: fix permissions and options
-rw-r--r-- | nixos/modules/services/networking/dnscrypt-wrapper.nix | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix
index 85fac660d52e..23cc92946e41 100644
--- a/nixos/modules/services/networking/dnscrypt-wrapper.nix
+++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix
@@ -45,7 +45,7 @@ let
 rotateKeys = ''
 # check if keys are not expired
 keyValid() {
- fingerprint=$(dnscrypt-wrapper --show-provider-publickey-fingerprint | awk '{print $(NF)}')
+ fingerprint=$(dnscrypt-wrapper --show-provider-publickey | awk '{print $(NF)}')
 dnscrypt-proxy --test=${toString (cfg.keys.checkInterval + 1)} \
 --resolver-address=127.0.0.1:${toString cfg.port} \
 --provider-name=${cfg.providerName} \
@@ -56,9 +56,10 @@ let
 # archive old keys and restart the service
 if ! keyValid; then
+ echo "certificate soon to become invalid; backing up old cert"
 mkdir -p oldkeys
- mv ${cfg.providerName}.key oldkeys/${cfg.providerName}-$(date +%F-%T).key
- mv ${cfg.providerName}.crt oldkeys/${cfg.providerName}-$(date +%F-%T).crt
+ mv -v ${cfg.providerName}.key oldkeys/${cfg.providerName}-$(date +%F-%T).key
+ mv -v ${cfg.providerName}.crt oldkeys/${cfg.providerName}-$(date +%F-%T).crt
 systemctl restart dnscrypt-wrapper
 fi
 '';
@@ -169,6 +170,7 @@ in {
 path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy gawk ];
 script = rotateKeys;
+ serviceConfig.User = "dnscrypt-wrapper";
 }; |
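Review bot: In `keyValid`, the new `fingerprint=$(dnscrypt-wrapper --show-provider-publickey | awk '{print $(NF)}')` takes its exit status from awk, so a failing `dnscrypt-wrapper` call leaves `fingerprint` empty without any error. The `dnscrypt-proxy --test` that follows would then presumably fail, and the `if ! keyValid` branch in the next hunk treats that as an expiring certificate and archives the key pair. A guard right after the assignment, `[ -n "$fingerprint" ] || { echo "cannot read provider public key" >&2; exit 1; }`, keeps a read failure from being mistaken for expiry. The rest of `keyValid` lies outside the hunk.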
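Review bot: The two `mv -v` lines each run `$(date +%F-%T)`, so if the clock ticks between them the archived `.key` and `.crt` get different timestamps and no longer pair up by name. Compute it once with `ts=$(date +%F-%T)` and move to `oldkeys/${cfg.providerName}-$ts.key` and `oldkeys/${cfg.providerName}-$ts.crt`. `${cfg.providerName}` is also interpolated unquoted into the shell text; double-quoting the paths keeps a provider name containing spaces or glob characters from being split. Since `oldkeys` holds private key material, an explicit mode such as `mkdir -p -m 0700 oldkeys` would be safer than relying on the unit's umask.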
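Review bot: With `serviceConfig.User = "dnscrypt-wrapper";` the rotation script runs unprivileged, yet it still ends in `systemctl restart dnscrypt-wrapper`, which systemd refuses for a non-root caller unless polkit authorises it. No such rule is visible in this diff, so unless the module grants it elsewhere the keys would be moved to `oldkeys` and the restart would then fail, leaving the running daemon on the expiring certificate. Either add a polkit rule that allows only this user the `org.freedesktop.systemd1.manage-units` action on `dnscrypt-wrapper.service`, or keep the restart in a privileged step. The service definition starts above the hunk, so the working directory and its ownership should also be checked against the new user.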