···
copyKeys = concatStrings (mapAttrsToList (keyName: keyOptions: ''
secret=$(cat "${keyOptions.keyFile}")
dest="${stateDir}/private/${keyName}"
155
-
echo " secret: \"$secret\"" > "$dest"
156
-
chown ${username}:${username} "$dest"
155
+
install -m 0400 -o "${username}" -g "${username}" <(echo " secret: \"$secret\"") "$dest"
···
dnssecTools = pkgs.bind.override { enablePython = true; };
signZones = optionalString dnssec ''
450
-
mkdir -p ${stateDir}/dnssec
451
-
chown ${username}:${username} ${stateDir}/dnssec
452
-
chmod 0600 ${stateDir}/dnssec
448
+
install -m 0600 -o "${username}" -g "${username}" -d "${stateDir}/dnssec"
${concatStrings (mapAttrsToList signZone dnssecZones)}
···
rm -Rf "${stateDir}/private/"
rm -Rf "${stateDir}/tmp/"
943
-
mkdir -m 0700 -p "${stateDir}/private"
944
-
mkdir -m 0700 -p "${stateDir}/tmp"
945
-
mkdir -m 0700 -p "${stateDir}/var"
939
+
install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/private"
940
+
install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/tmp"
941
+
install -dm 0700 -o "${username}" -g "${username}" "${stateDir}/var"
cat > "${stateDir}/don't touch anything in here" << EOF
Everything in this directory except NSD's state in var and dnssec
is automatically generated and will be purged and redeployed by
the nsd.service pre-start script.
953
-
chown ${username}:${username} -R "${stateDir}/private"
954
-
chown ${username}:${username} -R "${stateDir}/tmp"
955
-
chown ${username}:${username} -R "${stateDir}/var"
rm -rf "${stateDir}/zones"
cp -rL "${nsdEnv}/zones" "${stateDir}/zones"
pyrox.dev