From cfa1faa37c808f0a63093b1af8e03b6624b68872 Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar
Date: Sat, 22 Apr 2017 17:51:04 +0100
Subject: [PATCH] gogs service: chmod 440 config file

Directory which contains the config file /var/lib/gogs already has mode 700 but users are liable to change these things.
---
 nixos/modules/services/misc/gogs.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/misc/gogs.nix b/nixos/modules/services/misc/gogs.nix
index f0aff4303054..76e6254856b9 100644
--- a/nixos/modules/services/misc/gogs.nix
+++ b/nixos/modules/services/misc/gogs.nix
@@ -178,16 +178,19 @@ in
 wantedBy = [ "multi-user.target" ];
 path = [ pkgs.gogs.bin ];
- preStart = ''
+ preStart = let
+ runConfig = "${cfg.stateDir}/custom/conf/app.ini";
+ in ''
 # copy custom configuration and generate a random secret key if needed
 ${optionalString (cfg.useWizard == false) ''
 mkdir -p ${cfg.stateDir}/custom/conf
- cp -f ${configFile} ${cfg.stateDir}/custom/conf/app.ini
+ cp -f ${configFile} ${runConfig}
 KEY=$(head -c 16 /dev/urandom | base64)
 DBPASS=$(head -n1 ${cfg.database.passwordFile})
 sed -e "s,#secretkey#,$KEY,g" \
 -e "s,#dbpass#,$DBPASS,g" \
- -i ${cfg.stateDir}/custom/conf/app.ini
+ -i ${runConfig}
+ chmod 440 ${runConfig}
 ''}
 mkdir -p ${cfg.repositoryRoot}
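Review bot: The added `chmod 440 ${runConfig}` runs only after `cp -f` and `sed -i` have already written the secret key and database password into the file, so during that window app.ini has whatever mode the copy produced. That is probably world-readable, since the template comes from the store; this is inferred, as the source mode is not visible here. Restrict the mode before the secrets land, for example by replacing the copy with `install -m 0440 ${configFile} ${runConfig}`, and keep the trailing `chmod` as a final guarantee. If no other member of the service's group needs to read the file, `400` would be the tighter choice. The `preStart` script continues past the end of this hunk, so later steps that touch the file are not visible.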