pyrox.dev
Merge pull request #122647 from onny/caddy
nixos/caddy: support user and group options
authored by Aaron Andersen and committed by GitHub 21f5dd5c 82f66a40
+25
-8
nixos/modules/services/web-servers/caddy.nix
+25
-8
nixos/modules/services/web-servers/caddy.nix
···
63
'';
64
};
65
66
adapter = mkOption {
67
default = "caddyfile";
68
example = "nginx";
···
123
ExecStart = "${cfg.package}/bin/caddy run --config ${configJSON}";
124
ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}";
125
Type = "simple";
126
-
User = "caddy";
127
-
Group = "caddy";
128
Restart = "on-abnormal";
129
AmbientCapabilities = "cap_net_bind_service";
130
CapabilityBoundingSet = "cap_net_bind_service";
···
142
};
143
};
144
145
-
users.users.caddy = {
146
-
group = "caddy";
147
-
uid = config.ids.uids.caddy;
148
-
home = cfg.dataDir;
149
-
createHome = true;
150
};
151
152
-
users.groups.caddy.gid = config.ids.uids.caddy;
153
};
154
}
···
63
'';
64
};
65
66
+
user = mkOption {
67
+
default = "caddy";
68
+
type = types.str;
69
+
description = "User account under which caddy runs.";
70
+
};
71
+
72
+
group = mkOption {
73
+
default = "caddy";
74
+
type = types.str;
75
+
description = "Group account under which caddy runs.";
76
+
};
77
+
78
adapter = mkOption {
79
default = "caddyfile";
80
example = "nginx";
···
135
ExecStart = "${cfg.package}/bin/caddy run --config ${configJSON}";
136
ExecReload = "${cfg.package}/bin/caddy reload --config ${configJSON}";
137
Type = "simple";
138
+
User = cfg.user;
139
+
Group = cfg.group;
140
Restart = "on-abnormal";
141
AmbientCapabilities = "cap_net_bind_service";
142
CapabilityBoundingSet = "cap_net_bind_service";
···
154
};
155
};
156
157
+
users.users = optionalAttrs (cfg.user == "caddy") {
158
+
caddy = {
159
+
group = cfg.group;
160
+
uid = config.ids.uids.caddy;
161
+
home = cfg.dataDir;
162
+
createHome = true;
163
+
};
164
+
};
165
+
166
+
users.groups = optionalAttrs (cfg.group == "caddy") {
167
+
caddy.gid = config.ids.gids.caddy;
168
};
169
170
};
171
}