summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--krebs/3modules/syncthing.nix12
1 files changed, 10 insertions, 2 deletions
diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 34879fd3f..bfbac1db9 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -133,8 +133,16 @@ in
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
preStart = ''
- ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
- ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
+ ${optionalString (cfg.cert != null) ''
+ cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
+ chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
+ chmod 400 ${config.services.syncthing.dataDir}/cert.pem
+ ''}
+ ${optionalString (cfg.key != null) ''
+ cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
+ chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
+ chmod 400 ${config.services.syncthing.dataDir}/key.pem
+ ''}
'';
};
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-05 02:36:16 +0000