Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 9405bc22f635
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 9bb400573c5c
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Sep 6, 2017

  1. dnscrypt-wrapper module: fix permissions and options 

    When keys get refreshed a folder with the permissions of the root user
get created in the home directory of the user dnscrypt-wrapper. This
prevents the service from restarting.

In addition to that the parameters of dnscrypt-wrapper have
changed in upstream and in the newly packaged software.
    @makefu
    makefu committed Sep 6, 2017
    Copy the full SHA
    ca54a86 View commit details

  2. Merge pull request #29050 from makefu/module/dnscrypt-wrapper/fix 

    dnscrypt-wrapper module: fix permissions and options
    @joachifm
    joachifm authored Sep 6, 2017
    Copy the full SHA
    9bb4005 View commit details
Showing with 5 additions and 3 deletions.
  1. +5 −3 nixos/modules/services/networking/dnscrypt-wrapper.nix
8 changes: 5 additions & 3 deletions nixos/modules/services/networking/dnscrypt-wrapper.nix
View file
Original file line number Diff line number Diff line change
@@ -45,7 +45,7 @@ let
rotateKeys = ''
# check if keys are not expired
keyValid() {
fingerprint=$(dnscrypt-wrapper --show-provider-publickey-fingerprint | awk '{print $(NF)}')
fingerprint=$(dnscrypt-wrapper --show-provider-publickey | awk '{print $(NF)}')
dnscrypt-proxy --test=${toString (cfg.keys.checkInterval + 1)} \
--resolver-address=127.0.0.1:${toString cfg.port} \
--provider-name=${cfg.providerName} \
@@ -56,9 +56,10 @@ let
# archive old keys and restart the service
if ! keyValid; then
echo "certificate soon to become invalid; backing up old cert"
mkdir -p oldkeys
mv ${cfg.providerName}.key oldkeys/${cfg.providerName}-$(date +%F-%T).key
mv ${cfg.providerName}.crt oldkeys/${cfg.providerName}-$(date +%F-%T).crt
mv -v ${cfg.providerName}.key oldkeys/${cfg.providerName}-$(date +%F-%T).key
mv -v ${cfg.providerName}.crt oldkeys/${cfg.providerName}-$(date +%F-%T).crt
systemctl restart dnscrypt-wrapper
fi
'';
@@ -169,6 +170,7 @@ in {

path = with pkgs; [ dnscrypt-wrapper dnscrypt-proxy gawk ];
script = rotateKeys;
serviceConfig.User = "dnscrypt-wrapper";
};