
hosts/carbon: Restructure ExecStartPre script for pppd-dtagdsl

clerie 2024-07-14 00:14:14 +02:00
parent d09e80e88e
commit b860650ead
Signed by: clerie
GPG Key ID: BD9F56480870BAD2


@ -26,25 +26,30 @@
environment.etc."ppp/peers/dtagdsl".enable = false; environment.etc."ppp/peers/dtagdsl".enable = false;
systemd.services."pppd-dtagdsl".serviceConfig = { systemd.services."pppd-dtagdsl".serviceConfig = let
preStart = ''
mkdir -p /etc/ppp/peers
# Created files only readable by root
umask u=rw,g=,o=
# Copy config and substitute username
rm -f /etc/ppp/peers/dtagdsl
${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
# Copy login secrets
rm -f /etc/ppp/pap-secrets
cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
rm -f /etc/ppp/chap-secrets
cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
'';
preStartFile = utils.systemdUtils.lib.makeJobScript "pppd-dtagdsl-pre-start" preStart;
in {
EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path; EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path;
ExecStartPre = [ ExecStartPre = [
"+${utils.systemdUtils.lib.makeJobScript "pppd-dtagdsl-pre-start" '' # "+" marks script to be executed without priviledge restrictions
mkdir -p /etc/ppp/peers "+${preStartFile}"
# Created files only readable by root
umask u=rw,g=,o=
# Copy config and substitute username
rm -f /etc/ppp/peers/dtagdsl
${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
# Copy login secrets
rm -f /etc/ppp/pap-secrets
cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
rm -f /etc/ppp/chap-secrets
cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
''}"
]; ];
}; };
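Review bot: The `envsubst` call in `preStart` runs without `-no-unset`/`-no-empty`, so if the variable supplied through `EnvironmentFile` is missing or empty, the peer file is written with a blank value and the pre-start step still succeeds. Assuming the template references only the username variable, failing closed is a one-line change: `${pkgs.envsubst}/bin/envsubst -no-unset -no-empty -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl`. The two `cat … > /etc/ppp/pap-secrets` and `/etc/ppp/chap-secrets` lines also leave plaintext copies of the sops secret under /etc, which is presumably persistent storage unlike the sops-nix runtime path; a comment explaining why a copy is required (or a symlink to the secret path, if pppd accepts one there) would make that trade-off explicit. There is also a typo in the new comment, which should read `# "+" marks script to be executed without privilege restrictions`.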