diff options
author | Luflosi <luflosi@luflosi.de> | 2022-03-17 16:40:54 +0100 |
---|---|---|
committer | Luflosi <luflosi@luflosi.de> | 2022-03-22 11:12:14 +0100 |
commit | 41d45d674a3460b4984c6e3917f7cf231d0ec386 (patch) | |
tree | d7d591a02b4a46d54a2e089633e328a18d32255b /pkgs/applications/networking/ipfs | |
parent | 5dbd4b2b27e24eaed6a79603875493b15b999d4b (diff) |
nixos/ipfs: add systemd hardening
Use the hardened systemd unit from upstream.
Diffstat (limited to 'pkgs/applications/networking/ipfs')
-rw-r--r-- | pkgs/applications/networking/ipfs/default.nix | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/pkgs/applications/networking/ipfs/default.nix b/pkgs/applications/networking/ipfs/default.nix index 2cceddf0bd7ce..f6285ae59bebf 100644 --- a/pkgs/applications/networking/ipfs/default.nix +++ b/pkgs/applications/networking/ipfs/default.nix @@ -29,15 +29,23 @@ buildGoModule rec { vendorSha256 = null; + outputs = [ "out" "systemd_unit" "systemd_unit_hardened" ]; + + postPatch = '' + substituteInPlace 'misc/systemd/ipfs.service' \ + --replace '/usr/bin/ipfs' "$out/bin/ipfs" + substituteInPlace 'misc/systemd/ipfs-hardened.service' \ + --replace '/usr/bin/ipfs' "$out/bin/ipfs" + ''; + postInstall = '' - install --mode=444 -D misc/systemd/ipfs.service $out/etc/systemd/system/ipfs.service - install --mode=444 -D misc/systemd/ipfs-hardened.service $out/etc/systemd/system/ipfs-hardened.service - install --mode=444 -D misc/systemd/ipfs-api.socket $out/etc/systemd/system/ipfs-api.socket - install --mode=444 -D misc/systemd/ipfs-gateway.socket $out/etc/systemd/system/ipfs-gateway.socket - substituteInPlace $out/etc/systemd/system/ipfs.service \ - --replace /usr/bin/ipfs $out/bin/ipfs - substituteInPlace $out/etc/systemd/system/ipfs-hardened.service \ - --replace /usr/bin/ipfs $out/bin/ipfs + install --mode=444 -D 'misc/systemd/ipfs-api.socket' "$systemd_unit/etc/systemd/system/ipfs-api.socket" + install --mode=444 -D 'misc/systemd/ipfs-gateway.socket' "$systemd_unit/etc/systemd/system/ipfs-gateway.socket" + install --mode=444 -D 'misc/systemd/ipfs.service' "$systemd_unit/etc/systemd/system/ipfs.service" + + install --mode=444 -D 'misc/systemd/ipfs-api.socket' "$systemd_unit_hardened/etc/systemd/system/ipfs-api.socket" + install --mode=444 -D 'misc/systemd/ipfs-gateway.socket' "$systemd_unit_hardened/etc/systemd/system/ipfs-gateway.socket" + install --mode=444 -D 'misc/systemd/ipfs-hardened.service' "$systemd_unit_hardened/etc/systemd/system/ipfs.service" ''; meta = with lib; { |