ddclient service: use `environment.etc`

The ddclient daemon requires that the configuration file is only accessible by the ddclient user. This since it typically contains login information.
8 years ago · 9f4775dbb5
parent 781cd33f3b
commit 9f4775dbb5
1 changed files with 21 additions and 15 deletions
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@ -7,22 +7,8 @@ let

  stateDir = "/var/spool/ddclient";
  ddclientUser = "ddclient";
-  ddclientFlags = "-foreground -verbose -noquiet -file ${ddclientCfg}";
+  ddclientFlags = "-foreground -verbose -noquiet -file /etc/ddclient.conf";
  ddclientPIDFile = "${stateDir}/ddclient.pid";
-  ddclientCfg = pkgs.writeText "ddclient.conf" ''
-    daemon=600
-    cache=${stateDir}/ddclient.cache
-    pid=${ddclientPIDFile}
-    use=${config.services.ddclient.use}
-    login=${config.services.ddclient.username}
-    password=${config.services.ddclient.password}
-    protocol=${config.services.ddclient.protocol}
-    server=${config.services.ddclient.server}
-    ssl=${if config.services.ddclient.ssl then "yes" else "no"}
-    wildcard=YES
-    ${config.services.ddclient.domain}
-    ${config.services.ddclient.extraConfig}
-  '';

 in

@ -122,10 +108,30 @@ in
      home = stateDir;
    };

+    environment.etc."ddclient.conf" = {
+      uid = config.ids.uids.ddclient;
+      mode = "0600";
+      text = ''
+        daemon=600
+        cache=${stateDir}/ddclient.cache
+        pid=${ddclientPIDFile}
+        use=${config.services.ddclient.use}
+        login=${config.services.ddclient.username}
+        password=${config.services.ddclient.password}
+        protocol=${config.services.ddclient.protocol}
+        server=${config.services.ddclient.server}
+        ssl=${if config.services.ddclient.ssl then "yes" else "no"}
+        wildcard=YES
+        ${config.services.ddclient.domain}
+        ${config.services.ddclient.extraConfig}
+      '';
+    };
+
    systemd.services.ddclient = {
      description = "Dynamic DNS Client";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
+      restartTriggers = [ config.environment.etc."ddclient.conf".source ];

      serviceConfig = {
        # Uncomment this if too many problems occur: