-rw-r--r--nixos/modules/services/security/simp_le.nix17
1 files changed, 12 insertions, 5 deletions
diff --git a/nixos/modules/services/security/simp_le.nix b/nixos/modules/services/security/simp_le.nix
index 31eb89da55c6..12d9f9708164 100644
--- a/nixos/modules/services/security/simp_le.nix
+++ b/nixos/modules/services/security/simp_le.nix
@@ -145,8 +145,12 @@ in
         serviceConfig = {
           Type = "oneshot";
           SuccessExitStatus = [ "0" "1" ];
+          PermissionsStartOnly = true;
+          User = data.user;
+          Group = data.group;
+          PrivateTmp = true;
         };
-        path = [ pkgs.simp_le pkgs.sudo ];
+        path = [ pkgs.simp_le ];
         preStart = ''
           mkdir -p '${cfg.directory}'
           if [ ! -d '${cpath}' ]; then
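Review bot: The combination of `PermissionsStartOnly = true` with the new `User`/`Group` lines means only the ExecStart script is demoted to `data.user`; `preStart` (the `mkdir -p '${cfg.directory}'` visible here) and the `postStop` hook added in the next hunk still run as root, and nothing in this hunk records that. A one-line comment next to the new options would save the next maintainer from assuming `data.postRun` is unprivileged, e.g. `# Only the main script runs as data.user; preStart/postStop keep root (PermissionsStartOnly).` The serviceConfig attribute set starts before this hunk, so I cannot see whether an ownership step for `${cfg.directory}` exists elsewhere; if it does not, a root-created directory may not be writable by `data.user` once simp_le no longer runs through sudo.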
@@ -157,13 +161,16 @@ in
         script = ''
           cd '${cpath}'
           set +e
-          sudo -u '${data.user}' -- simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
+          simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
           EXITCODE=$?
           set -e
-          if [ "$EXITCODE" = "0" ]; then
+          echo "$EXITCODE" > /tmp/lastExitCode
+          exit "$EXITCODE"
+        '';
+        postStop = ''
+          if [ -e /tmp/lastExitCode ] && [ "$(cat /tmp/lastExitCode)" = "0" ]; then
+            echo "Executing postRun hook..."
             ${data.postRun}
-          else
-            exit "$EXITCODE"
           fi
         '';
       })
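Review bot: The `/tmp/lastExitCode` gate that decides whether root runs `${data.postRun}` is only safe because `PrivateTmp = true` is set in the first hunk; on a shared `/tmp` a fixed, predictable path written by `data.user` and read by a root-level `postStop` would let anyone with write access to `/tmp` pre-create the file and steer the hook, and a stale file from an earlier run could also trigger it. That dependency is invisible at the point of use, so at minimum add a comment on the `echo "$EXITCODE" > /tmp/lastExitCode` line such as `# /tmp is unit-private (PrivateTmp), so this file is only visible to this activation and is discarded when the unit stops`. A more robust shape would be to keep the marker under a systemd-managed `RuntimeDirectory` and reference it through `$RUNTIME_DIRECTORY`, so the gate does not depend on another option staying set. Note also that with `set -e` re-enabled, a failed write of the marker aborts the script before `exit "$EXITCODE"`, which changes the reported status; writing the marker before `set -e` or tolerating the failure would preserve the exit code.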