diff options
| author | Arnold Krille <arnold@arnoldarts.de> | 2016-05-21 13:12:48 +0200 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-05-21 22:27:27 +0200 |
| commit | bf0e745597c5fc9547e41905f0f0354d009f154e (patch) | |
| tree | a7ec510e8ac60ff0afa44953645836c7607f9e4e /nixos | |
| parent | d5656873d7b0d5bc52794b3d2c403835426ebd5e (diff) | |
| download | nixlib-bf0e745597c5fc9547e41905f0f0354d009f154e.tar nixlib-bf0e745597c5fc9547e41905f0f0354d009f154e.tar.gz nixlib-bf0e745597c5fc9547e41905f0f0354d009f154e.tar.bz2 nixlib-bf0e745597c5fc9547e41905f0f0354d009f154e.tar.lz nixlib-bf0e745597c5fc9547e41905f0f0354d009f154e.tar.xz nixlib-bf0e745597c5fc9547e41905f0f0354d009f154e.tar.zst nixlib-bf0e745597c5fc9547e41905f0f0354d009f154e.zip | |
unbound service: do not initialize root cert
When enableRootTrustAnchor is set to false, there is really no point in initializing the root key before starting unbound. Fixes #15605.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/unbound.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 89762fe52488..0dd24478f409 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -106,8 +106,10 @@ in preStart = '' mkdir -m 0755 -p ${stateDir}/dev/ cp ${confFile} ${stateDir}/unbound.conf + ${optionalString cfg.enableRootTrustAnchor '' ${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile} chown unbound ${stateDir} ${rootTrustAnchorFile} + ''} touch ${stateDir}/dev/random ${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random ''; |