diff options
author | Rodney Lorrimar <dev@rodney.id.au> | 2017-04-22 17:51:04 +0100 |
---|---|---|
committer | Rodney Lorrimar <dev@rodney.id.au> | 2017-04-22 17:51:04 +0100 |
commit | cfa1faa37c808f0a63093b1af8e03b6624b68872 (patch) | |
tree | 0d41645afa27cc29a82b45babcdf7c7439ed6196 /nixos/modules/services/misc/gogs.nix | |
parent | 79d52bc26cda44ea0e7d947cdc032b7eed9ee959 (diff) | |
download | nixlib-cfa1faa37c808f0a63093b1af8e03b6624b68872.tar nixlib-cfa1faa37c808f0a63093b1af8e03b6624b68872.tar.gz nixlib-cfa1faa37c808f0a63093b1af8e03b6624b68872.tar.bz2 nixlib-cfa1faa37c808f0a63093b1af8e03b6624b68872.tar.lz nixlib-cfa1faa37c808f0a63093b1af8e03b6624b68872.tar.xz nixlib-cfa1faa37c808f0a63093b1af8e03b6624b68872.tar.zst nixlib-cfa1faa37c808f0a63093b1af8e03b6624b68872.zip |
gogs service: chmod 440 config file
Directory which contains the config file /var/lib/gogs already has mode 700 but users are liable to change these things.
Diffstat (limited to 'nixos/modules/services/misc/gogs.nix')
-rw-r--r-- | nixos/modules/services/misc/gogs.nix | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/nixos/modules/services/misc/gogs.nix b/nixos/modules/services/misc/gogs.nix index f0aff4303054..76e6254856b9 100644 --- a/nixos/modules/services/misc/gogs.nix +++ b/nixos/modules/services/misc/gogs.nix @@ -178,16 +178,19 @@ in wantedBy = [ "multi-user.target" ]; path = [ pkgs.gogs.bin ]; - preStart = '' + preStart = let + runConfig = "${cfg.stateDir}/custom/conf/app.ini"; + in '' # copy custom configuration and generate a random secret key if needed ${optionalString (cfg.useWizard == false) '' mkdir -p ${cfg.stateDir}/custom/conf - cp -f ${configFile} ${cfg.stateDir}/custom/conf/app.ini + cp -f ${configFile} ${runConfig} KEY=$(head -c 16 /dev/urandom | base64) DBPASS=$(head -n1 ${cfg.database.passwordFile}) sed -e "s,#secretkey#,$KEY,g" \ -e "s,#dbpass#,$DBPASS,g" \ - -i ${cfg.stateDir}/custom/conf/app.ini + -i ${runConfig} + chmod 440 ${runConfig} ''} mkdir -p ${cfg.repositoryRoot} |