author | Michele Guerini Rocco <rnhmjoj@users.noreply.github.com> | 2023-08-08 10:34:27 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-08 10:34:27 +0200 |
commit | ccc33bd3d70cfd8fec50576a626173c296ebee60 (patch) | |
tree | 60fb692664a26871e9bf2cfc97188e612b3623ab /nixos/modules/services/networking | |
parent | 8f1e7a5db59fe2bebec0690f64e1cf5b247539e4 (diff) | |
parent | 4cd4b1b166d7ac2e8135f70e9456fa9babd356f1 (diff) |
Merge pull request #245852 from rnhmjoj/pr-fix-dnscrypt
dnscrypt-wrapper fixes
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/dnscrypt-wrapper.nix | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix
index 082e0195093ef..741f054cd88be 100644
--- a/nixos/modules/services/networking/dnscrypt-wrapper.nix
+++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix
@@ -71,9 +71,9 @@ let
 if ! keyValid; then
 echo "certificate soon to become invalid; backing up old cert"
 mkdir -p oldkeys
- mv -v ${cfg.providerName}.key oldkeys/${cfg.providerName}-$(date +%F-%T).key
- mv -v ${cfg.providerName}.crt oldkeys/${cfg.providerName}-$(date +%F-%T).crt
- systemctl restart dnscrypt-wrapper
+ mv -v "${cfg.providerName}.key" "oldkeys/${cfg.providerName}-$(date +%F-%T).key"
+ mv -v "${cfg.providerName}.crt" "oldkeys/${cfg.providerName}-$(date +%F-%T).crt"
+ kill "$(pidof -s dnscrypt-wrapper)"
 fi
 '';
@@ -222,17 +222,6 @@ in {
 };
 users.groups.dnscrypt-wrapper = { };
- security.polkit.extraConfig = ''
- // Allow dnscrypt-wrapper user to restart dnscrypt-wrapper.service
- polkit.addRule(function(action, subject) {
- if (action.id == "org.freedesktop.systemd1.manage-units" &&
- action.lookup("unit") == "dnscrypt-wrapper.service" &&
- subject.user == "dnscrypt-wrapper") {
- return polkit.Result.YES;
- }
- });
- '';
-
 systemd.services.dnscrypt-wrapper = {
 description = "dnscrypt-wrapper daemon";
 after = [ "network.target" ];
@@ -242,7 +231,7 @@ in {
 serviceConfig = {
 User = "dnscrypt-wrapper";
 WorkingDirectory = dataDir;
- Restart = "on-failure";
+ Restart = "always";
 ExecStart = "${pkgs.dnscrypt-wrapper}/bin/dnscrypt-wrapper ${toString daemonArgs}";
 };
@@ -255,7 +244,7 @@ in {
 requires = [ "dnscrypt-wrapper.service" ];
 description = "Rotates DNSCrypt wrapper keys if soon to expire";
- path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy1 gawk ];
+ path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy1 gawk procps ];
 script = rotateKeys;
 serviceConfig.User = "dnscrypt-wrapper";
 }; |
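Review bot: The new `kill "$(pidof -s dnscrypt-wrapper)"` line runs only after both key files have been moved into oldkeys/, and it does not handle pidof finding no process: the substitution is then empty and `kill ""` fails, so the rotation ends with the old key material moved away and no restart requested. pidof also selects by process name rather than by the unit's main PID, so an explicit check is safer, for example `if pid=$(pidof -s dnscrypt-wrapper); then kill "$pid"; else echo "dnscrypt-wrapper is not running" >&2; fi`. Separately, the two `mv` lines each evaluate `$(date +%F-%T)`, so the backed-up .key and .crt can end up with different suffixes; computing `ts=$(date +%F-%T)` once keeps the pair matched. The script body starts and ends outside the hunk, so how a missing key is regenerated on start cannot be confirmed from here.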
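Review bot: `Restart = "always"` in the serviceConfig hunk carries no comment explaining the change, and the reason lives in a different part of the file: the rotation script now stops the daemon with a plain `kill`, which presumably yields a clean exit that `on-failure` would not restart. A comment above the line such as `# key rotation kills the daemon and relies on systemd to restart it` would keep a later cleanup from reverting the setting and leaving the resolver down after a rotation. The service definition starts outside this hunk.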