public/PriceBot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Switch from ExecStartPre to LoadCredential.

Browse Source 
ExecStartPre %u and %T were relative to root.
This commit is contained in:
niten 2022-06-19 12:28:59 -07:00
parent ed4678d748
commit 74fd327208
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
module.nix
View File

@ -63,16 +63,15 @@ in {
environment = { environment = {
PRICEBOT_EXCHANGE_HOST = cfg.exchange-host; PRICEBOT_EXCHANGE_HOST = cfg.exchange-host;
PRICEBOT_BEBOT_URL = cfg.mattermost-url; PRICEBOT_BEBOT_URL = cfg.mattermost-url;
PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "%T/auth.token"; PRICEBOT_BEBOT_AUTH_TOKEN_FILE = "$CREDENTIALS_DIRECTORY/auth.token";
PRICEBOT_BEBOT_CHANNEL_ID = opts.mattermost-channel-id; PRICEBOT_BEBOT_CHANNEL_ID = opts.mattermost-channel-id;
PRICEBOT_TARGET_CURRENCY = opts.currency; PRICEBOT_TARGET_CURRENCY = opts.currency;
PRICEBOT_NOTIFY_USER = opts.notify-user; PRICEBOT_NOTIFY_USER = opts.notify-user;
}; };
serviceConfig = { serviceConfig = {
ExecStart = "${pricebot}/bin/pricebot"; ExecStart = "${pricebot}/bin/pricebot";
ExecStartPre =
"+${pkgs.coreutils-full}/bin/install --owner=%u --mode=400 -T ${cfg.mattermost-auth-token-file} %T/auth.token";
DynamicUser = true; DynamicUser = true;
LoadCredential = "auth.token:${cfg.mattermost-auth-token-file}";
PrivateTmp = true; PrivateTmp = true;
PrivateDevices = true; PrivateDevices = true;
ProtectSystem = "strict"; ProtectSystem = "strict";