Revert "nixos/ddclient: fix permission for ddclient.conf (#148179)"

This reverts commit 6af3d13bec. Reported by @arcnmx (https://github.com/NixOS/nixpkgs/pull/148179#issuecomment-987197656): Does this not completely break the service? It doesn't change the owner to the same as the ddclient server (which is somewhat difficult due to it being a DynamicUser), so this now makes the service completely unusable because the config is only readable by its owner, root: ddclient[871397]: WARNING: file /run/ddclient/ddclient.conf: Cannot open file '/run/ddclient/ddclient.conf'. (Permission denied) Given that the RuntimeDirectory was only readable by the ddclient service, the warning this PR fixes was spurious and not indicative of an actual information leak. I'm not sure of what a quick fix would be due to DynamicUser, but would at least request a revert of this so the service can work again?
3 years ago · 8eb814e964
parent 075b4b7e38
commit 8eb814e964
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@ -29,7 +29,7 @@ let
  configFile = if (cfg.configFile != null) then cfg.configFile else configFile';

  preStart = ''
-    install --mode=0400 ${configFile} /run/${RuntimeDirectory}/ddclient.conf
+    install ${configFile} /run/${RuntimeDirectory}/ddclient.conf
    ${lib.optionalString (cfg.configFile == null) (if (cfg.passwordFile != null) then ''
      password=$(printf "%q" "$(head -n 1 "${cfg.passwordFile}")")
      sed -i "s|^password=$|password=$password|" /run/${RuntimeDirectory}/ddclient.conf