nixos/spiped: remove broken chmod's from preStart

Remove `chmod`s which were (1) broken and (2) no longer considered good Nix practice.
2024-11-22 23:13:19 +00:00 · 2023-01-06 15:15:08 -05:00 · 2023-01-06 15:15:08 -05:00 · 04967c307f
commit 04967c307f
parent dc53c7ec90
1 changed files with 5 additions and 15 deletions
--- a/nixos/modules/services/networking/spiped.nix
+++ b/nixos/modules/services/networking/spiped.nix
@ -62,11 +62,11 @@ in
              keyfile = mkOption {
                type    = types.path;
                description = ''
-                  Name of a file containing the spiped key. As the
-                  daemon runs as the `spiped` user, the
-                  key file must be somewhere owned by that user. By
-                  default, we recommend putting the keys for any spipe
-                  services in `/var/lib/spiped`.
+                  Name of a file containing the spiped key.
+                  As the daemon runs as the `spiped` user,
+                  the key file must be readable by that user.
+                  To securely manage the file within your configuration
+                  consider a tool such as agenix or sops-nix.
                '';
              };

@ -185,22 +185,12 @@ in
      serviceConfig = {
        Restart   = "always";
        User      = "spiped";
-        PermissionsStartOnly = true;
      };

-      preStart  = ''
-        cd /var/lib/spiped
-        chmod -R 0660 *
-        chown -R spiped:spiped *
-      '';
      scriptArgs = "%i";
      script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/$1.spec`";
    };

-    systemd.tmpfiles.rules = lib.mkIf (cfg.config != { }) [
-      "d /var/lib/spiped -"
-    ];
-
    # Setup spiped config files
    environment.etc = mapAttrs' (name: cfg: nameValuePair "spiped/${name}.spec"
      { text = concatStringsSep " "