unbound service: do not initialize root cert

When enableRootTrustAnchor is set to false, there is really no point in
initializing the root key before starting unbound.

Fixes #15605.
This commit is contained in:
Arnold Krille 2016-05-21 13:12:48 +02:00 committed by Franz Pletz
parent d5656873d7
commit bf0e745597

View file

@ -106,8 +106,10 @@ in
preStart = ''
mkdir -m 0755 -p ${stateDir}/dev/
cp ${confFile} ${stateDir}/unbound.conf
${optionalString cfg.enableRootTrustAnchor ''
${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile}
chown unbound ${stateDir} ${rootTrustAnchorFile}
''}
touch ${stateDir}/dev/random
${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random
'';