nixos/sing-box: generate config file into RuntimeDirectory (#338457)

2024-11-22 15:03:28 +00:00 · 2024-10-19 10:11:00 -04:00 · 2024-10-19 10:11:00 -04:00 · f8b17f235e
commit f8b17f235e
parent 76e497cb6a 9e012ecbf2
1 changed files with 11 additions and 5 deletions
--- a/nixos/modules/services/networking/sing-box.nix
+++ b/nixos/modules/services/networking/sing-box.nix
@ -55,11 +55,17 @@ in
    systemd.packages = [ cfg.package ];

    systemd.services.sing-box = {
-      preStart = ''
-        umask 0077
-        mkdir -p /etc/sing-box
-        ${utils.genJqSecretsReplacementSnippet cfg.settings "/etc/sing-box/config.json"}
-      '';
+      preStart = utils.genJqSecretsReplacementSnippet cfg.settings "/run/sing-box/config.json";
+      serviceConfig = {
+        StateDirectory = "sing-box";
+        StateDirectoryMode = "0700";
+        RuntimeDirectory = "sing-box";
+        RuntimeDirectoryMode = "0700";
+        ExecStart = [
+          ""
+          "${lib.getExe cfg.package} -D \${STATE_DIRECTORY} -C \${RUNTIME_DIRECTORY} run"
+        ];
+      };
      wantedBy = [ "multi-user.target" ];
    };
  };