nixos/vault: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
This commit is contained in:
parent
053c9a7992
commit
a1c48c3f63
1 changed files with 4 additions and 5 deletions
|
@ -119,6 +119,10 @@ in
|
|||
};
|
||||
users.groups.vault.gid = config.ids.gids.vault;
|
||||
|
||||
systemd.tmpfiles.rules = optional (cfg.storagePath != null) [
|
||||
"d '${cfg.storagePath}' 0700 vault vault - -"
|
||||
];
|
||||
|
||||
systemd.services.vault = {
|
||||
description = "Vault server daemon";
|
||||
|
||||
|
@ -128,14 +132,9 @@ in
|
|||
|
||||
restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients.
|
||||
|
||||
preStart = optionalString (cfg.storagePath != null) ''
|
||||
install -d -m0700 -o vault -g vault "${cfg.storagePath}"
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
User = "vault";
|
||||
Group = "vault";
|
||||
PermissionsStartOnly = true;
|
||||
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
|
||||
PrivateDevices = true;
|
||||
PrivateTmp = true;
|
||||
|
|
Loading…
Reference in a new issue