gale service: fix permissions configuration, fixes #12457

authored by

Mark Laws and committed by
Rok Garbas
1c393cbb 8da914ca

+6 -6
+6 -6
nixos/modules/services/networking/gale.nix
··· 76 76 77 77 system.activationScripts.gale = mkIf cfg.enable ( 78 78 stringAfter [ "users" "groups" ] '' 79 - chmod -R 755 ${home} 79 + chmod 755 ${home} 80 80 mkdir -m 0777 -p ${home}/auth/cache 81 81 mkdir -m 1777 -p ${home}/auth/local # GALE_DOMAIN.gpub 82 82 mkdir -m 0700 -p ${home}/auth/private # ROOT.gpub ··· 86 86 mkdir -m 0700 -p ${home}/.gale/auth/private # GALE_DOMAIN.gpri 87 87 88 88 ln -sf ${pkgs.gale}/etc/gale/auth/trusted/ROOT "${home}/auth/trusted/ROOT" 89 - chown -R ${cfg.user}:${cfg.group} ${home} 89 + chown ${cfg.user}:${cfg.group} ${home} ${home}/auth ${home}/auth/* 90 + chown ${cfg.user}:${cfg.group} ${home}/.gale ${home}/.gale/auth ${home}/.gale/auth/private 90 91 '' 91 92 ); 92 93 ··· 149 150 after = [ "network.target" ]; 150 151 151 152 preStart = '' 152 - install -m 0640 ${keyPath}/${cfg.domain}.gpri "${home}/.gale/auth/private/" 153 - install -m 0644 ${gpubFile} "${home}/.gale/auth/private/${cfg.domain}.gpub" 154 - install -m 0644 ${gpubFile} "${home}/auth/local/${cfg.domain}.gpub" 155 - chown -R ${cfg.user}:${cfg.group} ${home} 153 + install -m 0640 -o ${cfg.user} -g ${cfg.group} ${keyPath}/${cfg.domain}.gpri "${home}/.gale/auth/private/" 154 + install -m 0644 -o ${cfg.user} -g ${cfg.group} ${gpubFile} "${home}/.gale/auth/private/${cfg.domain}.gpub" 155 + install -m 0644 -o ${cfg.user} -g ${cfg.group} ${gpubFile} "${home}/auth/local/${cfg.domain}.gpub" 156 156 ''; 157 157 158 158 serviceConfig = {