pyrox.dev
Merge pull request #121512 from rnhmjoj/searx
searx: set settings.yml permissions using umask
authored by
Michele Guerini Rocco
and committed by
GitHub
93c5837b
741ed21b
+8
-6
nixos/modules/services/networking/searx.nix
+8
-6
nixos/modules/services/networking/searx.nix
···
4
5
let
6
runDir = "/run/searx";
7
cfg = config.services.searx;
8
9
generateConfig = ''
10
cd ${runDir}
11
12
# write NixOS settings as JSON
13
-
cat <<'EOF' > settings.yml
14
-
${builtins.toJSON cfg.settings}
15
-
EOF
16
17
# substitute environment variables
18
env -0 | while IFS='=' read -r -d ''' n v; do
19
sed "s#@$n@#$v#g" -i settings.yml
20
done
21
-
22
-
# set strict permissions
23
-
chmod 400 settings.yml
24
'';
25
26
settingType = with types; (oneOf
···
4
5
let
6
runDir = "/run/searx";
7
+
8
cfg = config.services.searx;
9
+
10
+
settingsFile = pkgs.writeText "settings.yml"
11
+
(builtins.toJSON cfg.settings);
12
13
generateConfig = ''
14
cd ${runDir}
15
16
# write NixOS settings as JSON
17
+
(
18
+
umask 077
19
+
cp --no-preserve=mode ${settingsFile} settings.yml
20
+
)
21
22
# substitute environment variables
23
env -0 | while IFS='=' read -r -d ''' n v; do
24
sed "s#@$n@#$v#g" -i settings.yml
25
done
26
'';
27
28
settingType = with types; (oneOf