movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00
Code Activity

tandoor_recipes: use static user and group instead of DynamicUser

Browse source 
Signed-off-by: Ilya Savitsky <ilya.savitsky@codethink.co.uk>
This commit is contained in:
Ilya Savitsky 2025-02-17 15:17:47 +00:00 committed by Ilya Savitsky
parent 29f6170dc8
commit fe2727c45b
1 changed files with 25 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

28
nixos/modules/services/misc/tandoor-recipes.nix
View file

@ -75,10 +75,33 @@ in
};
};
user = lib.mkOption {
type = lib.types.str;
default = "tandoor_recipes";
description = "User account under which Tandoor runs.";
};
group = lib.mkOption {
type = lib.types.str;
default = "tandoor_recipes";
description = "Group under which Tandoor runs.";
};
package = lib.mkPackageOption pkgs "tandoor-recipes" { };
};
config = lib.mkIf cfg.enable {
users.users = lib.mkIf (cfg.user == "tandoor_recipes") {
tandoor-recipes = {
inherit (cfg) group;
isSystemUser = true;
};
};
users.groups = lib.mkIf (cfg.group == "tandoor_recipes") {
tandoor-recipes = { };
};
systemd.services.tandoor-recipes = {
description = "Tandoor Recipes server";
@ -88,9 +111,8 @@ in
'';
Restart = "on-failure";
User = "tandoor_recipes";
Group = "tandoor_recipes";
DynamicUser = true;
User = cfg.user;
Group = cfg.group;
StateDirectory = "tandoor-recipes";
WorkingDirectory = env.MEDIA_ROOT;
RuntimeDirectory = "tandoor-recipes";