From e7362a877dd11493d23dcbbee390343b64c0a491 Mon Sep 17 00:00:00 2001
From: Franz Pletz
Date: Fri, 11 Dec 2015 17:30:45 +0100
Subject: [PATCH] nixos/simp_le: Use systemd for setting user and group

This is much cleaner and we don't depend on sudo.
---
 nixos/modules/services/security/simp_le.nix | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/nixos/modules/services/security/simp_le.nix b/nixos/modules/services/security/simp_le.nix
index 31eb89da55c..12d9f970816 100644
--- a/nixos/modules/services/security/simp_le.nix
+++ b/nixos/modules/services/security/simp_le.nix
@@ -145,8 +145,12 @@ in
       serviceConfig = {
         Type = "oneshot";
         SuccessExitStatus = [ "0" "1" ];
+        PermissionsStartOnly = true;
+        User = data.user;
+        Group = data.group;
+        PrivateTmp = true;
       };
-      path = [ pkgs.simp_le pkgs.sudo ];
+      path = [ pkgs.simp_le ];
       preStart = ''
         mkdir -p '${cfg.directory}'
         if [ ! -d '${cpath}' ]; then
@@ -157,13 +161,16 @@ in
       script = ''
         cd '${cpath}'
         set +e
-        sudo -u '${data.user}' -- simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
+        simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
         EXITCODE=$?
         set -e
-        if [ "$EXITCODE" = "0" ]; then
+        echo "$EXITCODE" > /tmp/lastExitCode
+        exit "$EXITCODE"
+      '';
+      postStop = ''
+        if [ -e /tmp/lastExitCode ] && [ "$(cat /tmp/lastExitCode)" = "0" ]; then
+          echo "Executing postRun hook..."
           ${data.postRun}
-        else
-          exit "$EXITCODE"
         fi
       '';
     })
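Review bot: `PermissionsStartOnly = true;` makes `User`/`Group` apply only to the main `script`, so `preStart` (which continues past the end of this hunk) and the `postStop` added in the second hunk still run as root, and nothing in the hunk records that this is intentional; a later maintainer who removes the option to "fix" the root-run hook would break whatever root-only preparation `preStart` does (the visible `mkdir -p '${cfg.directory}'` presumably needs it) or silently change the privilege the `postRun` hook executes under. Suggest a comment on that line, e.g. `# Only the main script drops to data.user; preStart and postStop keep root (directory setup, postRun hook).` `PrivateTmp = true;` is also load-bearing rather than cosmetic, because the second hunk passes state through `/tmp/lastExitCode`; a comment such as `# Required: script and postStop exchange the exit status via /tmp` would keep it from being dropped as a no-op hardening flag. The `serviceConfig` attribute set begins before this hunk.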
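Review bot: The root-run `postStop` decides whether to execute `${data.postRun}` from the contents of `/tmp/lastExitCode`, a fixed-path file written by the unprivileged `data.user` in `script`; this is sound only because `PrivateTmp = true` in the first hunk keeps that `/tmp` private to the unit (so the path cannot be pre-created by another local user and a leftover file from an earlier run should not persist across unit stops), but the hunk does not say so. Suggest `# /tmp is unit-private (PrivateTmp); hand the exit status to the root-run postStop` above the `echo "$EXITCODE" > /tmp/lastExitCode` line, and keep the read side as written — the quoted `$(cat ...)` compared against the literal `"0"` — so the file's contents are never expanded into a command. Note that the `echo` runs after `set -e` is restored, so a failed write aborts the script with the `echo` status instead of `$EXITCODE`; reordering the `set -e` to after the `exit` line, or writing the file before re-enabling it, would preserve simp_le's status in that case. On systemd versions that export `$EXIT_STATUS` to `ExecStopPost` the temp file could be dropped altogether, if the target release supports it. The enclosing attribute set begins before this hunk.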