summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2019-04-09 16:52:17 +0200
committerlassulus <lassulus@lassul.us>2019-04-09 16:54:06 +0200
commit3fee51f7378a523a95e494d160b7562206cf714b (patch)
treed712dd2ca1520a95071ec2efbbfbc4eb3023743d
parent2dbdf0185a42fd654706766b12bb1efe40ce712f (diff)
syncthing: fix permissions of keys
-rw-r--r--krebs/3modules/syncthing.nix12
1 files changed, 10 insertions, 2 deletions
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 34879fd3f..bfbac1db9 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -133,8 +133,16 @@ in
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
preStart = ''
- ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
- ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
+ ${optionalString (cfg.cert != null) ''
+ cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
+ chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
+ chmod 400 ${config.services.syncthing.dataDir}/cert.pem
+ ''}
+ ${optionalString (cfg.key != null) ''
+ cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
+ chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
+ chmod 400 ${config.services.syncthing.dataDir}/key.pem
+ ''}
'';
};