nixos/prometheus-mail-exporter: umask to avoid accidental world-readability

Maximilian Bosch 2022-07-20 20:21:16 +02:00
parent 590e60d124
commit 92bd77e85e
No known key found for this signature in database
GPG key ID: 9A6EEA275CA5BE0A


@ -174,7 +174,10 @@ in
EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];
RuntimeDirectory = "prometheus-mail-exporter";
ExecStartPre = [
"${pkgs.envsubst}/bin/envsubst -i ${configFile} -o \${RUNTIME_DIRECTORY}/mail-exporter.json"
"${pkgs.writeShellScript "subst-secrets-mail-exporter" ''
umask 0077
${pkgs.envsubst}/bin/envsubst -i ${configFile} -o ''${RUNTIME_DIRECTORY}/mail-exporter.json
''}"
];
ExecStart = ''
${pkgs.prometheus-mail-exporter}/bin/mailexporter \
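Review bot: The `umask 0077` in the new ExecStartPre script restricts only the file that envsubst writes; the runtime directory keeps systemd's default mode 0755 unless `RuntimeDirectoryMode` is set elsewhere in serviceConfig, which this hunk does not show. Since the rendered mail-exporter.json appears to carry the secrets substituted from EnvironmentFile, I would add `RuntimeDirectoryMode = "0700";` next to `RuntimeDirectory`. The unit-level `UMask = "0077";` is also worth considering, because it would cover anything ExecStart creates as well as the pre-start step. A one-line comment above the umask, such as `# rendered config contains secrets from EnvironmentFile; keep it owner-only`, would record why the wrapper script exists. The serviceConfig attribute set begins and ends outside the hunk, so these options may already be present there.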