From b860650ead474f1ee2ea4486362355568c433375 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 14 Jul 2024 00:14:14 +0200
Subject: [PATCH] hosts/carbon: Restructure ExecStartPre script for pppd-dtagdsl
---
 hosts/carbon/ppp.nix | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)
diff --git a/hosts/carbon/ppp.nix b/hosts/carbon/ppp.nix
index 82cec5f..7c09f21 100644
--- a/hosts/carbon/ppp.nix
+++ b/hosts/carbon/ppp.nix
@@ -26,25 +26,30 @@ environment.etc."ppp/peers/dtagdsl".enable = false;
- systemd.services."pppd-dtagdsl".serviceConfig = {
+ systemd.services."pppd-dtagdsl".serviceConfig = let
+ preStart = ''
+ mkdir -p /etc/ppp/peers
+
+ # Created files only readable by root
+ umask u=rw,g=,o=
+
+ # Copy config and substitute username
+ rm -f /etc/ppp/peers/dtagdsl
+ ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
+
+ # Copy login secrets
+ rm -f /etc/ppp/pap-secrets
+ cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
+ rm -f /etc/ppp/chap-secrets
+ cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
+ '';
+
+ preStartFile = utils.systemdUtils.lib.makeJobScript "pppd-dtagdsl-pre-start" preStart;
+ in {
 EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path;
 ExecStartPre = [
- "+${utils.systemdUtils.lib.makeJobScript "pppd-dtagdsl-pre-start" ''
- mkdir -p /etc/ppp/peers
-
- # Created files only readable by root
- umask u=rw,g=,o=
-
- # Copy config and substitute username
- rm -f /etc/ppp/peers/dtagdsl
- ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
-
- # Copy login secrets
- rm -f /etc/ppp/pap-secrets
- cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
- rm -f /etc/ppp/chap-secrets
- cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
- ''}"
+ # "+" marks script to be executed without priviledge restrictions
+ "+${preStartFile}"
 ];
 };
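Review bot: The envsubst line in `preStart` has no guard against an unset or empty variable, so if the file named by `EnvironmentFile` does not define the name the peer template expects, the script still succeeds and pppd is started with a blank username. If `pkgs.envsubst` is the a8m implementation (the `-i` flag suggests so), its `-no-unset -no-empty` flags make the privileged pre-start step fail instead: `${pkgs.envsubst}/bin/envsubst -no-unset -no-empty -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl`. Separately, the two `cat ... > /etc/ppp/*-secrets` lines leave a decrypted copy of the credential under /etc that outlives the service; presumably the sops path is on a runtime filesystem, in which case it is worth a comment on why the copy is needed, or a cleanup step when the unit stops. The added comment also misspells `privilege` as `priviledge`.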