public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/dnscrypt-proxy: simplify module logic related to apparmor

This commit is contained in:
Joachim Fasting 2017-03-12 16:20:10 +01:00
parent 83052ef9db
commit 9325c3a616
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/networking/dnscrypt-proxy.nix
View File

@ -2,8 +2,6 @@
with lib; with lib;
let let
apparmorEnabled = config.security.apparmor.enable;
cfg = config.services.dnscrypt-proxy; cfg = config.services.dnscrypt-proxy;
stateDirectory = "/var/lib/dnscrypt-proxy"; stateDirectory = "/var/lib/dnscrypt-proxy";
@ -187,12 +185,8 @@ in
documentation = [ "man:dnscrypt-proxy(8)" ]; documentation = [ "man:dnscrypt-proxy(8)" ];
before = [ "nss-lookup.target" ]; before = [ "nss-lookup.target" ];
after = [ "network.target" ];
after = [ "network.target" ] requires = [ "dnscrypt-proxy.socket "];
++ optional apparmorEnabled "apparmor.service";
requires = [ "dnscrypt-proxy.socket "]
++ optional apparmorEnabled "apparmor.service";
serviceConfig = { serviceConfig = {
NonBlocking = "true"; NonBlocking = "true";
@ -208,7 +202,9 @@ in
}; };
} }
(mkIf apparmorEnabled { (mkIf config.security.apparmor.enable {
systemd.services.dnscrypt-proxy.after = [ "apparmor.service" ];
security.apparmor.profiles = singleton (pkgs.writeText "apparmor-dnscrypt-proxy" '' security.apparmor.profiles = singleton (pkgs.writeText "apparmor-dnscrypt-proxy" ''
${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy { ${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy {
/dev/null rw, /dev/null rw,