{generate,setup}-secrets: remove process hardening
ProtectSystem=full disables writing to /etc which is the default secrets location. Besides that, hardening is pointless for {generate,setup}-secrets which don't read external input and are fully under our control.
parent
89f9bedb9d
commit
ad23b508e3
@ -14,7 +14,7 @@ with lib;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
} // config.nix-bitcoin-services.defaultHardening;
};
script = ''
mkdir -p "${config.nix-bitcoin.secretsDir}"
cd "${config.nix-bitcoin.secretsDir}"
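Review bot: Dropping the whole `config.nix-bitcoin-services.defaultHardening` set from `serviceConfig` removes every restriction in it, although the commit message names only `ProtectSystem=full` as conflicting with writes to the secrets directory under /etc. Both units create and handle secret material, so keeping the rest of the set and overriding the one option would retain defence in depth at little cost, e.g. `} // config.nix-bitcoin-services.defaultHardening // { ProtectSystem = false; };` (the contents of defaultHardening are not visible here, so confirm nothing else in it blocks the script). If the bare `};` stays, a comment above it such as `# no defaultHardening: ProtectSystem=full makes /etc, the default secretsDir, read-only` would keep the hardening from being re-added by mistake. The same applies to the second hunk at -56,7; both script bodies continue outside the hunks.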
@ -56,7 +56,7 @@ in
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
} // config.nix-bitcoin-services.defaultHardening;
};
script = ''
setupSecret() {
file="$1"