kubernetes: prefer 'install' over 'mkdir/chmod/chown'

Felix Buehler 2024-02-03 11:16:23 +01:00
parent 237e77803e
commit ffadbb6788


@ -174,9 +174,8 @@ in
'') '')
(optionalString cfg.genCfsslAPIToken '' (optionalString cfg.genCfsslAPIToken ''
if [ ! -f "${cfsslAPITokenPath}" ]; then if [ ! -f "${cfsslAPITokenPath}" ]; then
head -c ${toString (cfsslAPITokenLength / 2)} /dev/urandom | od -An -t x | tr -d ' ' >"${cfsslAPITokenPath}" install -u cfssl -m 400 <(head -c ${toString (cfsslAPITokenLength / 2)} /dev/urandom | od -An -t x | tr -d ' ') "${cfsslAPITokenPath}"
fi fi
chown cfssl "${cfsslAPITokenPath}" && chmod 400 "${cfsslAPITokenPath}"
'')]); '')]);
systemd.services.kube-certmgr-bootstrap = { systemd.services.kube-certmgr-bootstrap = {
@ -194,7 +193,7 @@ in
if [ -f "${cfsslAPITokenPath}" ]; then if [ -f "${cfsslAPITokenPath}" ]; then
ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}" ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}"
else else
touch "${certmgrAPITokenPath}" && chmod 600 "${certmgrAPITokenPath}" install -m 600 /dev/null "${certmgrAPITokenPath}"
fi fi
'' ''
(optionalString (cfg.pkiTrustOnBootstrap) '' (optionalString (cfg.pkiTrustOnBootstrap) ''
@ -297,8 +296,7 @@ in
exit 1 exit 1
fi fi
echo $token > ${certmgrAPITokenPath} install -m 0600 <(echo $token) ${certmgrAPITokenPath}
chmod 600 ${certmgrAPITokenPath}
echo "Restarting certmgr..." >&1 echo "Restarting certmgr..." >&1
systemctl restart certmgr systemctl restart certmgr
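Review bot: In the first hunk the new token-creation line passes `-u cfssl` to `install`, but coreutils `install` takes the owner with `-o` and has no `-u` option, so the command would fail with a usage error and the cfssl API token would never be written; it should read `install -o cfssl -m 400 <(…) "${cfsslAPITokenPath}"`. The old `chown cfssl … && chmod 400 …` also sat outside the `if` and ran on every start, whereas owner and mode are now applied only when the file is first created, so an existing token with looser permissions is no longer corrected. In the second hunk, `install -m 600 /dev/null "${certmgrAPITokenPath}"` replaces the file's content where `touch` preserved it. Since the third hunk writes the join token to that same path, a later run of this `else` branch would presumably blank the token, so a `[ -e "${certmgrAPITokenPath}" ] ||` guard in front of it is worth considering. The script bodies these lines belong to start and end outside the hunks shown.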