Figured out how to correctly change ownership

2023-09-22 23:20:44 -07:00 · 2023-09-22 23:20:44 -07:00 · 49009f67e7
parent a72e23a198
commit 49009f67e7
1 changed files with 7 additions and 5 deletions
--- a/lib/fudo/auth/kerberos/kdc.nix
+++ b/lib/fudo/auth/kerberos/kdc.nix
@ -74,7 +74,7 @@ let
              after = [ "network-online.target" ];
              description =
                "Heimdal Kerberos Key Distribution Center (primary ticket server).";
-              path = with pkgs; [ heimdal ];
+              path = with pkgs; [ heimdal coreutils ];
              serviceConfig = {
                PrivateDevices = true;
                PrivateTmp = true;
@ -97,10 +97,12 @@ let
                RestartSec = "5s";
                AmbientCapabilities = "CAP_NET_BIND_SERVICE";
                SecureBits = "keep-caps";
-                ExecStartPre = ''
+                ExecStartPre = let
+                  chownScript = ''
                    chown ${cfg.user}:${cfg.group} ${cfg.kdc.database}
                    chown ${cfg.user}:${cfg.group} ${cfg.kdc.state-directory}/kerberos.log
                  '';
+                in "+${chownScript}";
                ExecStart = let
                  ips = if (cfg.kdc.bind-addresses != [ ]) then
                    cfg.kdc.bind-addresses