pyrox.dev
tandoor_recipes: use static user and group instead of DynamicUser (#382858)
authored by Bruno BELANYI and committed by GitHub e44a5f7f 856a4ff0
+25
-3
nixos/modules/services/misc/tandoor-recipes.nix
+25
-3
nixos/modules/services/misc/tandoor-recipes.nix
···
75
75
};
76
76
};
77
77
78
+
user = lib.mkOption {
79
+
type = lib.types.str;
80
+
default = "tandoor_recipes";
81
+
description = "User account under which Tandoor runs.";
82
+
};
83
+
84
+
group = lib.mkOption {
85
+
type = lib.types.str;
86
+
default = "tandoor_recipes";
87
+
description = "Group under which Tandoor runs.";
88
+
};
89
+
78
90
package = lib.mkPackageOption pkgs "tandoor-recipes" { };
79
91
};
80
92
81
93
config = lib.mkIf cfg.enable {
94
+
users.users = lib.mkIf (cfg.user == "tandoor_recipes") {
95
+
tandoor-recipes = {
96
+
inherit (cfg) group;
97
+
isSystemUser = true;
98
+
};
99
+
};
100
+
101
+
users.groups = lib.mkIf (cfg.group == "tandoor_recipes") {
102
+
tandoor-recipes = { };
103
+
};
104
+
82
105
systemd.services.tandoor-recipes = {
83
106
description = "Tandoor Recipes server";
84
107
···
88
111
'';
89
112
Restart = "on-failure";
90
113
91
-
User = "tandoor_recipes";
92
-
Group = "tandoor_recipes";
93
-
DynamicUser = true;
114
+
User = cfg.user;
115
+
Group = cfg.group;
94
116
StateDirectory = "tandoor-recipes";
95
117
WorkingDirectory = env.MEDIA_ROOT;
96
118
RuntimeDirectory = "tandoor-recipes";