b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/privacyidea-ldap-proxy: umask to avoid accidental world-readability

Browse source
This commit is contained in:
Maximilian Bosch 2022-07-20 20:12:46 +02:00
parent 39c0694709
commit 81add6600c
No known key found for this signature in database
GPG key ID: 9A6EEA275CA5BE0A
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos/modules/services/security/privacyidea.nix
View file

@ -332,6 +332,7 @@ in
[ cfg.ldap-proxy.environmentFile ];
ExecStartPre =
"${pkgs.writeShellScript "substitute-secrets-ldap-proxy" ''
umask 0077
${pkgs.envsubst}/bin/envsubst \
-i ${ldapProxyConfig} \
-o $STATE_DIRECTORY/ldap-proxy.ini