diff options
| author | Maximilian Bosch <maximilian@mbosch.me> | 2022-07-20 20:15:53 +0200 |
|---|---|---|
| committer | Maximilian Bosch <maximilian@mbosch.me> | 2022-07-20 20:29:38 +0200 |
| commit | 590e60d124fb93934d03e8c740ca738657cc1816 (patch) | |
| tree | 7785d235d070117cfc88f1e0ba67ef5d3c866194 /nixos | |
| parent | 81add6600cba1e6a896fd0dc413e44f52bb0d601 (diff) | |
nixos/mxisd: umask to avoid accidental world-readability
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/mxisd.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/mxisd.nix b/nixos/modules/services/networking/mxisd.nix index 5b1e0dee8e359..1509671bc54ae 100644 --- a/nixos/modules/services/networking/mxisd.nix +++ b/nixos/modules/services/networking/mxisd.nix @@ -130,6 +130,7 @@ in { EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ]; ExecStart = "${cfg.package}/bin/${executable} -c ${cfg.dataDir}/mxisd-config.yaml"; ExecStartPre = "${pkgs.writeShellScript "mxisd-substitute-secrets" '' + umask 0077 ${pkgs.envsubst}/bin/envsubst -o ${cfg.dataDir}/mxisd-config.yaml \ -i ${configFile} ''}"; |