nixos/vault: replace deprecated usage of PermissionsStartOnly

see https://github.com/NixOS/nixpkgs/issues/53852
Aaron Andersen 2019-02-24 07:53:36 -05:00
parent 053c9a7992
commit a1c48c3f63


@ -119,6 +119,10 @@ in
};
users.groups.vault.gid = config.ids.gids.vault;
systemd.tmpfiles.rules = optional (cfg.storagePath != null) [
"d '${cfg.storagePath}' 0700 vault vault - -"
];
systemd.services.vault = {
description = "Vault server daemon";
@ -128,14 +132,9 @@ in
restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients.
preStart = optionalString (cfg.storagePath != null) ''
install -d -m0700 -o vault -g vault "${cfg.storagePath}"
'';
serviceConfig = {
User = "vault";
Group = "vault";
PermissionsStartOnly = true;
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
PrivateDevices = true;
PrivateTmp = true;
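Review bot: The new `systemd.tmpfiles.rules` value in the first hunk wraps the rule in a list and passes it to `optional`, which (assuming this is `lib.optional`) already wraps its argument, so a non-null `cfg.storagePath` would yield a list containing a list instead of a list of strings. Pass the string directly, `systemd.tmpfiles.rules = optional (cfg.storagePath != null) "d '${cfg.storagePath}' 0700 vault vault - -";`, or switch to `optionals` and keep the brackets. The directory's 0700 vault:vault ownership is also now applied when systemd-tmpfiles runs, not on every service start as the removed `preStart` did. A short comment above the rule saying so would help, since that mode is what keeps the storage backend private to the `vault` user.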