diff options
| author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2024-02-14 14:36:43 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-14 14:36:43 +0100 |
| commit | cd02351ae060dacaadb5701f206eebb6754f9cc4 (patch) | |
| tree | 9e2116bf75171bf57fbd75514722ee9f4839635a /nixos/modules/services/networking | |
| parent | c1f27ae1d3d2d59f495370dd3b14d77dc9261801 (diff) | |
| parent | 0f37581eab9258755adf6fef2c6b46c20add6fc3 (diff) | |
| download | nixlib-cd02351ae060dacaadb5701f206eebb6754f9cc4.tar nixlib-cd02351ae060dacaadb5701f206eebb6754f9cc4.tar.gz nixlib-cd02351ae060dacaadb5701f206eebb6754f9cc4.tar.bz2 nixlib-cd02351ae060dacaadb5701f206eebb6754f9cc4.tar.lz nixlib-cd02351ae060dacaadb5701f206eebb6754f9cc4.tar.xz nixlib-cd02351ae060dacaadb5701f206eebb6754f9cc4.tar.zst nixlib-cd02351ae060dacaadb5701f206eebb6754f9cc4.zip | |
Merge pull request #233017 from koenw/libreswan-StateDirectory
nixos/libreswan: Use StateDirectory to setup ipsec/nss
Diffstat (limited to 'nixos/modules/services/networking')
| -rw-r--r-- | nixos/modules/services/networking/libreswan.nix | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/libreswan.nix b/nixos/modules/services/networking/libreswan.nix index db4d2f7f0ba0..a44cac93d5f6 100644 --- a/nixos/modules/services/networking/libreswan.nix +++ b/nixos/modules/services/networking/libreswan.nix @@ -133,9 +133,6 @@ in "ipsec.d/01-nixos.conf".source = configFile; } // policyFiles; - # Create NSS database directory - systemd.tmpfiles.rules = [ "d /var/lib/ipsec/nss 755 root root -" ]; - systemd.services.ipsec = { description = "Internet Key Exchange (IKE) Protocol Daemon for IPsec"; wantedBy = [ "multi-user.target" ]; @@ -153,6 +150,10 @@ in echo 0 | tee /proc/sys/net/ipv4/conf/*/send_redirects echo 0 | tee /proc/sys/net/ipv{4,6}/conf/*/accept_redirects ''; + serviceConfig = { + StateDirectory = "ipsec/nss"; + StateDirectoryMode = 0700; + }; }; }; |