nixos: tcpcrypt: /var/run -> /run, don't drop files out of rundir

2018-01-06 12:57:35 +00:00 · 2018-01-06 12:57:35 +00:00 · 44b8202cab
commit 44b8202cab
parent 02da27de52
1 changed files with 5 additions and 5 deletions
--- a/nixos/modules/services/networking/tcpcrypt.nix
+++ b/nixos/modules/services/networking/tcpcrypt.nix
@ -44,9 +44,9 @@ in
      path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
      preStart = ''
-        mkdir -p /var/run/tcpcryptd
+        mkdir -p /run/tcpcryptd
-        chown tcpcryptd /var/run/tcpcryptd
+        chown tcpcryptd /run/tcpcryptd
-        sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state
+        sysctl -n net.ipv4.tcp_ecn > /run/tcpcryptd/pre-tcpcrypt-ecn-state
        sysctl -w net.ipv4.tcp_ecn=0
        iptables -t raw -N nixos-tcpcrypt
@ -61,8 +61,8 @@ in
      script = "tcpcryptd -x 0x10";
      postStop = ''
-        if [ -f /run/pre-tcpcrypt-ecn-state ]; then
+        if [ -f /run/tcpcryptd/pre-tcpcrypt-ecn-state ]; then
-          sysctl -w net.ipv4.tcp_ecn=$(cat /run/pre-tcpcrypt-ecn-state)
+          sysctl -w net.ipv4.tcp_ecn=$(cat /run/tcpcryptd/pre-tcpcrypt-ecn-state)
        fi
        iptables -t mangle -D POSTROUTING -j nixos-tcpcrypt || true