pyrox.dev / nixpkgs
lol
fork atom

gale service: fix permissions configuration, fixes #12457

Mark Laws 1c393cbb 8da914ca

options
unified split
Changed files
+6 -6
nixos
modules
services
networking
gale.nix
+6 -6
nixos/modules/services/networking/gale.nix 
···

       
76

       
76

       
 

       



     

       
77

       
77

       
 

       
       system.activationScripts.gale = mkIf cfg.enable (


     

       
78

       
78

       
 

       
         stringAfter [ "users" "groups" ] ''


     

       
79

       

       
-

       
           chmod -R 755 ${home}


     

       

       
79

       
+

       
           chmod 755 ${home}


     

       
80

       
80

       
 

       
           mkdir -m 0777 -p ${home}/auth/cache


     

       
81

       
81

       
 

       
           mkdir -m 1777 -p ${home}/auth/local # GALE_DOMAIN.gpub


     

       
82

       
82

       
 

       
           mkdir -m 0700 -p ${home}/auth/private # ROOT.gpub


     
···

       
86

       
86

       
 

       
           mkdir -m 0700 -p ${home}/.gale/auth/private # GALE_DOMAIN.gpri


     

       
87

       
87

       
 

       



     

       
88

       
88

       
 

       
           ln -sf ${pkgs.gale}/etc/gale/auth/trusted/ROOT "${home}/auth/trusted/ROOT"


     

       
89

       

       
-

       
           chown -R ${cfg.user}:${cfg.group} ${home}


     

       

       
89

       
+

       
           chown ${cfg.user}:${cfg.group} ${home} ${home}/auth ${home}/auth/*


     

       

       
90

       
+

       
           chown ${cfg.user}:${cfg.group} ${home}/.gale ${home}/.gale/auth ${home}/.gale/auth/private


     

       
90

       
91

       
 

       
         ''


     

       
91

       
92

       
 

       
       );


     

       
92

       
93

       
 

       



     
···

       
149

       
150

       
 

       
         after = [ "network.target" ];


     

       
150

       
151

       
 

       



     

       
151

       
152

       
 

       
         preStart = ''


     

       
152

       

       
-

       
           install -m 0640 ${keyPath}/${cfg.domain}.gpri "${home}/.gale/auth/private/"


     

       
153

       

       
-

       
           install -m 0644 ${gpubFile} "${home}/.gale/auth/private/${cfg.domain}.gpub"


     

       
154

       

       
-

       
           install -m 0644 ${gpubFile} "${home}/auth/local/${cfg.domain}.gpub"


     

       
155

       

       
-

       
           chown -R ${cfg.user}:${cfg.group} ${home}


     

       

       
153

       
+

       
           install -m 0640 -o ${cfg.user} -g ${cfg.group} ${keyPath}/${cfg.domain}.gpri "${home}/.gale/auth/private/"


     

       

       
154

       
+

       
           install -m 0644 -o ${cfg.user} -g ${cfg.group} ${gpubFile} "${home}/.gale/auth/private/${cfg.domain}.gpub"


     

       

       
155

       
+

       
           install -m 0644 -o ${cfg.user} -g ${cfg.group} ${gpubFile} "${home}/auth/local/${cfg.domain}.gpub"


     

       
156

       
156

       
 

       
         '';


     

       
157

       
157

       
 

       



     

       
158

       
158

       
 

       
         serviceConfig = {