From 5307f754308dcdc4d4eeecff1715409ae1c3a265 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 10 Oct 2021 14:13:50 +0200
Subject: yggdrasil-wg: ...
---
 modules/yggdrasil-wg/default.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index db7780fb..67bb34f5 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -86,8 +86,10 @@ in {
 systemd.services = listToAttrs (filter ({ value, ...}: value != null) (imap0 (ix: opts@{to, from, ...}: let other = if from == hostName then to else from; in nameValuePair "yggdrasil-udp2raw@${other}" (if opts ? "endpointHost" && (from == hostName || to == hostName) then {
 path = with pkgs; [iptables];
 serviceConfig = {
- RuntimeDirectory = ["config"];
+ RuntimeDirectory = ["udp2raw-config-${other}"];
+ RuntimeDirectoryMode = "0700";
 ExecStartPre = pkgs.writeShellScript "udp2raw-mkconfig-${other}.sh" ''
+ umask 0077
 secret=$(cat ${config.sops.secrets."yggdrasil-udp2raw-secret".path})
 cat >''${RUNTIME_DIRECTORY}/udp2raw.conf <