lol

Merge pull request #29869 from Nadrieril/syncserver-fup

syncserver service: follow-up of #28189

authored by

Joachim F and committed by
GitHub
faf07216 67c5cb23

+24 -29
+1
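--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -479,6 +479,7 @@
 mudri = "James Wood <lamudri@gmail.com>";
 muflax = "Stefan Dorn <mail@muflax.com>";
 myrl = "Myrl Hex <myrl.0xf@gmail.com>";
+nadrieril = "Nadrieril Feneanar <nadrieril@gmail.com>";
 namore = "Roman Naumann <namor@hemio.de>";
 nand0p = "Fernando Jose Pando <nando@hex7.com>";
 Nate-Devv = "Nathan Moore <natedevv@gmail.com>";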
+2
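--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -205,6 +205,8 @@
 "See the 16.09 release notes for more information.")
 (mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
 (mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
+(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
+(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
 (mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
 (mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ]
 "Set the option `services.xserver.displayManager.sddm.package' instead.")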
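Review bot: Both added `mkRemovedOptionModule` entries pass an empty replacement text, so a configuration that still sets `services.firefox.syncserver.user` or `.group` is rejected without being told that the service now always runs as the fixed `syncserver` account. That matters for file ownership: the preStart in sync-server.nix in this commit re-chowns only the private config and the default database location, so state kept elsewhere under a previously configured account would presumably need a manual chown. A message along the lines of `"The service now always runs as the syncserver user and group; chown existing state accordingly."` on both entries would cover it. The surrounding list starts and ends outside this hunk.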
+21 -29
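--- a/nixos/modules/services/networking/firefox/sync-server.nix
+++ b/nixos/modules/services/networking/firefox/sync-server.nix
@@ -33,6 +33,8 @@
 in
 
 {
+meta.maintainers = with lib.maintainers; [ nadrieril ];
+
 options = {
 services.firefox.syncserver = {
 enable = mkOption {
@@ -70,18 +72,6 @@
 '';
 };
 
-user = mkOption {
-type = types.str;
-default = "syncserver";
-description = "User account under which syncserver runs.";
-};
-
-group = mkOption {
-type = types.str;
-default = "syncserver";
-description = "Group account under which syncserver runs.";
-};
-
 publicUrl = mkOption {
 type = types.str;
 default = "http://localhost:5000/";
@@ -137,7 +127,9 @@
 config = mkIf cfg.enable {
 
 systemd.services.syncserver = let
-syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript ]);
+syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript requests ]);
+user = "syncserver";
+group = "syncserver";
 in {
 after = [ "network.target" ];
 description = "Firefox Sync Server";
@@ -145,43 +137,43 @@
 path = [ pkgs.coreutils syncServerEnv ];
 
 serviceConfig = {
-User = cfg.user;
-Group = cfg.group;
+User = user;
+Group = group;
 PermissionsStartOnly = true;
 };
 
 preStart = ''
 if ! test -e ${cfg.privateConfig}; then
-mkdir -m 700 -p $(dirname ${cfg.privateConfig})
+mkdir -p $(dirname ${cfg.privateConfig})
 echo > ${cfg.privateConfig} '[syncserver]'
+chmod 600 ${cfg.privateConfig}
 echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
 fi
-chown ${cfg.user}:${cfg.group} ${cfg.privateConfig}
+chmod 600 ${cfg.privateConfig}
+chmod 755 $(dirname ${cfg.privateConfig})
+chown ${user}:${group} ${cfg.privateConfig}
+
 '' + optionalString (cfg.sqlUri == defaultSqlUri) ''
 if ! test -e $(dirname ${defaultDbLocation}); then
 mkdir -m 700 -p $(dirname ${defaultDbLocation})
-chown ${cfg.user}:${cfg.group} $(dirname ${defaultDbLocation})
+chown ${user}:${group} $(dirname ${defaultDbLocation})
 fi
+
 # Move previous database file if it exists
 oldDb="/var/db/firefox-sync-server.db"
 if test -f $oldDb; then
 mv $oldDb ${defaultDbLocation}
-chown ${cfg.user}:${cfg.group} ${defaultDbLocation}
+chown ${user}:${group} ${defaultDbLocation}
 fi
 '';
 serviceConfig.ExecStart = "${syncServerEnv}/bin/paster serve ${syncServerIni}";
 };
 
-users.extraUsers = optionalAttrs (cfg.user == "syncserver")
-(singleton {
-name = "syncserver";
-group = cfg.group;
-isSystemUser = true;
-});
+users.users.syncserver = {
+group = "syncserver";
+isSystemUser = true;
+};
 
-users.extraGroups = optionalAttrs (cfg.group == "syncserver")
-(singleton {
-name = "syncserver";
-});
+users.groups.syncserver = {};
 };
 }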
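Review bot: The new `chmod 755 $(dirname ${cfg.privateConfig})` in preStart runs on every start, and with `PermissionsStartOnly = true` it runs with full privileges, so it resets the mode of whatever directory the operator pointed `privateConfig` at, including one that was deliberately kept tighter. The default of `privateConfig` is outside the shown hunks, so whether that directory is dedicated to this service cannot be confirmed here. Setting the mode only on creation, `mkdir -m 755 -p "$(dirname ${cfg.privateConfig})"` inside the `if ! test -e` branch, would leave existing directories alone, though directories left at 700 by the previous version would then need a one-time fix. The config file is also created by `echo >` under the unit's inherited umask before the first `chmod 600`. The secret is only appended afterwards, but a `umask 077` at the top of the script would remove the dependence on that ordering, and quoting the interpolated paths would keep the script correct for paths containing spaces.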