diff options
author | Robert Hensing <roberth@users.noreply.github.com> | 2024-06-20 20:06:13 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-20 20:06:13 +0200 |
commit | ba5a6f19edd082c2a0855d85ce49668ab8db8f55 (patch) | |
tree | f4baa2f8227b58c1db107a5ebfa4bd1fa6bea93c /nixos/modules | |
parent | b0498a19722e30907eb4d80f5e196e4e9df96fb3 (diff) | |
parent | 615d19beb3065a9b35495e0ba2d905d6ed4f9a66 (diff) |
Merge pull request #312516 from Stunkymonkey/nixos-swap-umask
nixos/swap: prefer 'umask' over 'chmod'
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/config/swap.nix | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix index a606ebd767598..53aea5d847129 100644 --- a/nixos/modules/config/swap.nix +++ b/nixos/modules/config/swap.nix @@ -275,7 +275,6 @@ in chattr +C "$DEVICE" 2>/dev/null || true dd if=/dev/zero of="$DEVICE" bs=1M count=${toString sw.size} - chmod 0600 ${sw.device} ${optionalString (!sw.randomEncryption.enable) "mkswap ${sw.realDevice}"} fi ''} @@ -292,9 +291,12 @@ in unitConfig.RequiresMountsFor = [ "${dirOf sw.device}" ]; unitConfig.DefaultDependencies = false; # needed to prevent a cycle - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = sw.randomEncryption.enable; - serviceConfig.ExecStop = optionalString sw.randomEncryption.enable "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = sw.randomEncryption.enable; + UMask = "0177"; + ExecStop = optionalString sw.randomEncryption.enable "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}"; + }; restartIfChanged = false; }; |