pyrox.dev
lol
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose.
This frees up uid/gid 32
-2
nixos/modules/misc/ids.nix
-2
nixos/modules/misc/ids.nix
+9
-9
nixos/modules/services/networking/privoxy.nix
+9
-9
nixos/modules/services/networking/privoxy.nix
···
6
7
inherit (pkgs) privoxy;
8
9
-
privoxyUser = "privoxy";
10
-
11
cfg = config.services.privoxy;
12
13
confFile = pkgs.writeText "privoxy.conf" ''
···
88
###### implementation
89
90
config = mkIf cfg.enable {
91
-
92
-
users.extraUsers = singleton
93
-
{ name = privoxyUser;
94
-
uid = config.ids.uids.privoxy;
95
-
description = "Privoxy daemon user";
96
-
};
97
98
systemd.services.privoxy = {
99
description = "Filtering web proxy";
100
after = [ "network.target" "nss-lookup.target" ];
101
wantedBy = [ "multi-user.target" ];
102
-
serviceConfig.ExecStart = "${privoxy}/sbin/privoxy --no-daemon --user ${privoxyUser} ${confFile}";
103
104
serviceConfig.PrivateDevices = true;
105
serviceConfig.PrivateTmp = true;
···
6
7
inherit (pkgs) privoxy;
8
9
cfg = config.services.privoxy;
10
11
confFile = pkgs.writeText "privoxy.conf" ''
···
86
###### implementation
87
88
config = mkIf cfg.enable {
89
+
90
+
users.users.privoxy = {
91
+
isSystemUser = true;
92
+
home = "/var/empty";
93
+
group = "privoxy";
94
+
};
95
+
96
+
users.groups.privoxy = {};
97
98
systemd.services.privoxy = {
99
description = "Filtering web proxy";
100
after = [ "network.target" "nss-lookup.target" ];
101
wantedBy = [ "multi-user.target" ];
102
+
serviceConfig.ExecStart = "${privoxy}/bin/privoxy --no-daemon --user privoxy ${confFile}";
103
104
serviceConfig.PrivateDevices = true;
105
serviceConfig.PrivateTmp = true;