unbound service: do not initialize root cert
When enableRootTrustAnchor is set to false, there is really no point in initializing the root key before starting unbound. Fixes #15605.
This commit is contained in:
parent
d5656873d7
commit
bf0e745597
1 changed files with 2 additions and 0 deletions
|
@ -106,8 +106,10 @@ in
|
|||
preStart = ''
|
||||
mkdir -m 0755 -p ${stateDir}/dev/
|
||||
cp ${confFile} ${stateDir}/unbound.conf
|
||||
${optionalString cfg.enableRootTrustAnchor ''
|
||||
${pkgs.unbound}/bin/unbound-anchor -a ${rootTrustAnchorFile}
|
||||
chown unbound ${stateDir} ${rootTrustAnchorFile}
|
||||
''}
|
||||
touch ${stateDir}/dev/random
|
||||
${pkgs.utillinux}/bin/mount --bind -n /dev/random ${stateDir}/dev/random
|
||||
'';
|
||||
|
|
Loading…
Reference in a new issue