foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 10:58:02 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

services/yt-dlp: fix service working directory

Browse Source 
There is the `--paths` option for that purpose. It also eliminates the
workaround for creating the directory before starting the service for
newly-bootstrapped systems.

The several hardening options have also been corrected.
This commit is contained in:
Gabriel Arazas 2022-04-22 13:10:33 +08:00
parent da25de06ee
commit c0dd8ab1a8
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/home-manager/services/yt-dlp.nix
View File

@ -127,7 +127,6 @@ in {
};
Service = {
WorkingDirectory = cfg.archivePath;
ExecStartPre = ''
${pkgs.bash}/bin/bash -c "${pkgs.coreutils}/bin/mkdir -p ${
lib.escapeShellArg cfg.archivePath
@ -141,7 +140,7 @@ in {
lib.concatStringsSep " " cfg.extraArgs
} ${lib.concatStringsSep " " value.extraArgs} ${
lib.escapeShellArgs value.urls
}
} --paths ${lib.escapeShellArg cfg.archivePath}
'';
in "${archiveScript}/bin/${scriptName}";
};

12
modules/nixos/services/yt-dlp.nix
View File

@ -119,19 +119,21 @@ in {
documentation = [ "man:yt-dlp(1)" ];
enable = true;
path = [ cfg.package pkgs.coreutils ];
preStart = ''
mkdir -p ${lib.escapeShellArg cfg.archivePath}
'';
script = ''
mkdir -p ${lib.escapeShellArg cfg.archivePath} \
&& yt-dlp ${lib.concatStringsSep " " cfg.extraArgs} ${
yt-dlp ${lib.concatStringsSep " " cfg.extraArgs} ${
lib.concatStringsSep " " value.extraArgs
} ${lib.escapeShellArgs value.urls}
} ${lib.escapeShellArgs value.urls} --paths ${cfg.archivePath}
'';
startAt = value.startAt;
serviceConfig = {
NoNewPrivileges = true;
PrivateTmp = true;
ProtectControlGroup = true;
ProtectControlGroups = true;
ProtectClock = true;
ProtectKernelModule = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
};
}) cfg.jobs;