public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/simp_le: Use systemd for setting user and group

Browse Source 
This is much cleaner and we don't depend on sudo.
This commit is contained in:
Franz Pletz 2015-12-11 17:30:45 +01:00
parent 1641c19d0b
commit e7362a877d
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
nixos/modules/services/security/simp_le.nix
View File

@ -145,8 +145,12 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
SuccessExitStatus = [ "0" "1" ]; SuccessExitStatus = [ "0" "1" ];
PermissionsStartOnly = true;
User = data.user;
Group = data.group;
PrivateTmp = true;
}; };
path = [ pkgs.simp_le pkgs.sudo ]; path = [ pkgs.simp_le ];
preStart = '' preStart = ''
mkdir -p '${cfg.directory}' mkdir -p '${cfg.directory}'
if [ ! -d '${cpath}' ]; then if [ ! -d '${cpath}' ]; then
@ -157,13 +161,16 @@ in
script = '' script = ''
cd '${cpath}' cd '${cpath}'
set +e set +e
sudo -u '${data.user}' -- simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline} simp_le ${concatMapStringsSep " " (arg: escapeShellArg (toString arg)) cmdline}
EXITCODE=$? EXITCODE=$?
set -e set -e
if [ "$EXITCODE" = "0" ]; then echo "$EXITCODE" > /tmp/lastExitCode
exit "$EXITCODE"
'';
postStop = ''
if [ -e /tmp/lastExitCode ] && [ "$(cat /tmp/lastExitCode)" = "0" ]; then
echo "Executing postRun hook..."
${data.postRun} ${data.postRun}
else
exit "$EXITCODE"
fi fi
''; '';
}) })