nixos/iodine: protect passwordFiles with toString

It should prevent copying the files to a store path
2025-06-14 13:39:15 +03:00 · 2020-02-13 12:00:00 +00:00 · 2020-02-13 12:00:00 +00:00 · 44fd320c0f
commit 44fd320c0f
parent d2d5d89c2c
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/services/networking/iodine.nix
+++ b/nixos/modules/services/networking/iodine.nix
@ -132,7 +132,7 @@ in
            description = "iodine client - ${name}";
            after = [ "network.target" ];
            wantedBy = [ "multi-user.target" ];
-            script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
+            script = "exec ${pkgs.iodine}/bin/iodine -f -u ${iodinedUser} ${cfg.extraConfig} ${optionalString (cfg.passwordFile != "") "< \"${builtins.toString cfg.passwordFile}\""} ${cfg.relay} ${cfg.server}";
            serviceConfig = {
              RestartSec = "30s";
              Restart = "always";
@ -166,7 +166,7 @@ in
            description = "iodine, ip over dns server daemon";
            after = [ "network.target" ];
            wantedBy = [ "multi-user.target" ];
-            script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
+            script = "exec ${pkgs.iodine}/bin/iodined -f -u ${iodinedUser} ${cfg.server.extraConfig} ${optionalString (cfg.server.passwordFile != "") "< \"${builtins.toString cfg.server.passwordFile}\""} ${cfg.server.ip} ${cfg.server.domain}";
            serviceConfig = {
              # Filesystem access
              ProtectSystem = "strict";