Cleanup mountpoint handling

TommyTran732 · Dec 23, 2024 · 5bdbab6 · 5bdbab6
1 parent 4cefc6b
commit 5bdbab6
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 6 deletions.
diff --git a/etc/systemd/system/nginx-session-ticket-keys.mount b/etc/systemd/system/nginx-session-ticket-keys.mount
@@ -5,4 +5,5 @@ Description=NGINX session ticket keys /etc/nginx/session-ticket-keys
 What=tmps
 Where=/etc/nginx/session-ticket-keys
 Type=tmpfs
-Options=size=1M,mode=700,noswap,x-systemd.before=nginx-create-session-ticket-keys.service,x-systemd.required-by=nginx-create-session-ticket-keys.service
+Options=size=1M,noswap,x-systemd.before=nginx-create-session-ticket-keys.service,x-systemd.required-by=nginx-create-session-ticket-keys.service
+DirectoryMode=700
diff --git a/scripts/nginx-create-session-ticket-keys-ramfs b/scripts/nginx-create-session-ticket-keys-ramfs
@@ -24,9 +24,6 @@ set -o errexit -o nounset -o pipefail
 
 umask 077
 
-mkdir -p /etc/nginx/session-ticket-keys
-mount -t ramfs -o mode=700 ramfs /etc/nginx/session-ticket-keys
-
 cd /etc/nginx/session-ticket-keys
 
 for i in {1..4}; do

diff --git a/setup.sh b/setup.sh
@@ -82,8 +82,6 @@ sudo systemctl daemon-reload
 
 # Setup nginx-create-session-ticket-keys
 
-mkdir -p /etc/nginx/session-ticket-keys
-
 if grep -q rhel /etc/os-release; then
     unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/scripts/nginx-create-session-ticket-keys-ramfs | sudo tee /usr/local/bin/nginx-create-session-ticket-keys > /dev/null
 else
@@ -104,6 +102,7 @@ sudo chmod u+x "$(realpath /usr/local/bin/nginx-rotate-session-ticket-keys)"
 sudo sed -i '$i restorecon -Rv /etc/nginx/session-ticket-keys' "$(realpath /usr/local/bin/nginx-rotate-session-ticket-keys)"
 
 # Download the units
+unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/refs/heads/main/etc/systemd/system/nginx-session-ticket-keys.mount | sudo tee /etc/systemd/system/nginx-session-ticket-keys.mount > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/nginx-create-session-ticket-keys.service | sudo tee /etc/systemd/system/nginx-create-session-ticket-keys.service > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/nginx-rotate-session-ticket-keys.service | sudo tee /etc/systemd/system/nginx-rotate-session-ticket-keys.service > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/systemd/system/nginx-rotate-session-ticket-keys.timer | sudo tee /etc/systemd/system/nginx-rotate-session-ticket-keys.timer > /dev/null
@@ -115,6 +114,7 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main
 sudo systemctl daemon-reload
 
 # Enable the units
+sudo systemctl enable --now nginx-session-ticket-keys.mount
 sudo systemctl enable --now nginx-create-session-ticket-keys.service
 sudo systemctl enable --now nginx-rotate-session-ticket-keys.timer