Put launcher in script

2024-01-06 11:06:05 -08:00 · 2024-01-06 11:06:05 -08:00 · 8ba0e155d3
parent 12d62caf25
commit 8ba0e155d3
1 changed files with 8 additions and 7 deletions
--- a/lib/fudo/auth/kerberos/kdc.nix
+++ b/lib/fudo/auth/kerberos/kdc.nix
@ -326,16 +326,17 @@ let
                LimitNOFILE = 4096;
                User = cfg.user;
                Group = cfg.group;
-                Restart =
-                  "never"; # Server will retry -- this results in stacking
+                # Server will retry -- this results in stacking
+                Restart = "never";
                AmbientCapabilities = "CAP_NET_BIND_SERVICE";
                SecureBits = "keep-caps";
                ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
-                ExecStart = concatStringsSep " " [
-                  "${pkgs.heimdal}/libexec/heimdal/hpropd"
-                  "--database=sqlite:${cfg.kdc.database}"
-                  "--keytab=${cfg.kdc.secondary.keytabs.hpropd}"
-                ];
+                ExecStart = writeShellScript "launch-heimdal-hpropd.sh"
+                  (concatStringsSep " " [
+                    "${pkgs.heimdal}/libexec/heimdal/hpropd"
+                    "--database=sqlite:${cfg.kdc.database}"
+                    "--keytab=${cfg.kdc.secondary.keytabs.hpropd}"
+                  ]);
              };
              unitConfig.ConditionPathExists =
                [ cfg.kdc.database cfg.kdc.secondary.keytabs.hpropd ];