syncthing: fix permissions of keys

This commit is contained in:
lassulus 2019-04-09 16:52:17 +02:00
parent 2dbdf0185a
commit 3fee51f737

View File

@ -133,8 +133,16 @@ in
systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
preStart = '' preStart = ''
${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"} ${optionalString (cfg.cert != null) ''
${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"} cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
chmod 400 ${config.services.syncthing.dataDir}/cert.pem
''}
${optionalString (cfg.key != null) ''
cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
chmod 400 ${config.services.syncthing.dataDir}/key.pem
''}
''; '';
}; };