Merge pull request #240072 from NickCao/singbox-harden

nixos/sing-box: set umask 0077 when generating configuration file
2023-06-27 20:34:18 +08:00 · 2023-06-27 20:34:18 +08:00 · 694de8e63e
commit 694de8e63e
parent 1691ff977c e52b401a95
1 changed files with 1 additions and 0 deletions
--- a/nixos/modules/services/networking/sing-box.nix
+++ b/nixos/modules/services/networking/sing-box.nix
@ -56,6 +56,7 @@ in

    systemd.services.sing-box = {
      preStart = ''
+        umask 0077
        mkdir -p /etc/sing-box
        ${utils.genJqSecretsReplacementSnippet cfg.settings "/etc/sing-box/config.json"}
      '';