modules(pihole-container): make newuidmap available to systemd service

See https://github.com/NixOS/nixpkgs/issues/138423
Potentially a security issue, as `/run/wrappers/bin/` contains further commands besides `newuidmap`, often with the suid bit set.
Christopher Bacher 2022-10-15 21:09:27 +02:00
parent 41d400120d
commit 73aed13f87


@ -279,8 +279,11 @@ in rec {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
# required to make `newuidmap` available to the systemd service (see https://github.com/NixOS/nixpkgs/issues/138423)
path = [ "/run/wrappers" ];
serviceConfig = let serviceConfig = let
optPihole = options.services.pihole; opt = options.services.pihole;
containerEnvVars = let containerEnvVars = let
envVarFragments = collectAttrFragments (value: isAttrs value && value ? "envVar") opt.piholeConfiguration; envVarFragments = collectAttrFragments (value: isAttrs value && value ? "envVar") opt.piholeConfiguration;