{generate,setup}-secrets: remove process hardening

ProtectSystem=full disables writing to /etc which is the default
secrets location.

Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.
Erik Arvstedt 2020-02-26 20:37:47 +01:00
parent 89f9bedb9d
commit ad23b508e3
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 2 additions and 2 deletions

@ -14,7 +14,7 @@ with lib;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
} // config.nix-bitcoin-services.defaultHardening;
};
script = ''
mkdir -p "${config.nix-bitcoin.secretsDir}"
cd "${config.nix-bitcoin.secretsDir}"
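Review bot: at the end of `serviceConfig`, replacing `} // config.nix-bitcoin-services.defaultHardening;` with `};` drops every hardening option, although the commit message names only `ProtectSystem=full` as the setting that conflicts with the `mkdir -p "${config.nix-bitcoin.secretsDir}"` in the script below it. Consider keeping the merge and overriding just `ProtectSystem` after it, so the rest of the defaults still apply to this unit. If the full removal is intended, say so in a comment next to `serviceConfig`.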

@ -56,7 +56,7 @@ in
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
} // config.nix-bitcoin-services.defaultHardening;
};
script = ''
setupSecret() {
file="$1"
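Review bot: the `serviceConfig` in this second file also loses `defaultHardening`, and the reason ("don't read external input") is recorded only in the commit message, not in the module. Since `setupSecret()` takes a file path in `file="$1"` and works on the secrets files, a one-line comment above `serviceConfig` stating that hardening is deliberately omitted, and that it would block writes to the default secrets location under /etc, would keep a later change from restoring the merge and breaking the unit.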