authorhappysalada <raphael@megzari.com>2023-05-28 11:42:02 -0400
committerYt <happysalada@tuta.io>2023-05-28 21:17:14 -0400
commit3dcca62a5ed895d84482875be94d0d8256fda503 (patch)
tree5d40f76fdca2e8c2905fa16f704fec44614cad66 /nixos/modules/services
parent4a04b823fb2dbd98baf5e345a8905cacb3d740ee (diff)
nixos/ntfy-sh: add defaults, use dynamic user
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/misc/ntfy-sh.nix35
1 files changed, 11 insertions, 24 deletions
diff --git a/nixos/modules/services/misc/ntfy-sh.nix b/nixos/modules/services/misc/ntfy-sh.nix
index d66b47a2d68a..3dc3bd616c09 100644
--- a/nixos/modules/services/misc/ntfy-sh.nix
+++ b/nixos/modules/services/misc/ntfy-sh.nix
@@ -19,18 +19,6 @@ in
       description = mdDoc "The ntfy.sh package to use.";
     };
 
-    user = mkOption {
-      default = "ntfy-sh";
-      type = types.str;
-      description = lib.mdDoc "User the ntfy-sh server runs under.";
-    };
-
-    group = mkOption {
-      default = "ntfy-sh";
-      type = types.str;
-      description = lib.mdDoc "Primary group of ntfy-sh user.";
-    };
-
     settings = mkOption {
       type = types.submodule { freeformType = settingsFormat.type; };
 
@@ -61,6 +49,9 @@ in
 
       services.ntfy-sh.settings = {
         auth-file = mkDefault "/var/lib/ntfy-sh/user.db";
+        listen-http = mkDefault "127.0.0.1:2586";
+        attachment-cache-dir = mkDefault "/var/lib/ntfy-sh/attachments";
+        cache-file = mkDefault "/var/lib/ntfy-sh/cache-file.db";
       };
 
       systemd.services.ntfy-sh = {
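Review bot: The new `listen-http` default deserves a comment and a release-note entry, because it changes where the service is reachable. As far as I know ntfy itself defaults to `:80` on all interfaces, so a deployment that never set `listen-http` would move to loopback port 2586 and stop being reachable from the network until a reverse proxy or an explicit override is in place. Loopback is the safer default, so I would keep it and add `# loopback only by default; put a reverse proxy in front or override listen-http` above the line. The `settings` attrset is complete in the hunk, but the enclosing `config` block is not.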
@@ -70,10 +61,15 @@ in
         after = [ "network.target" ];
 
         serviceConfig = {
+          ExecStartPre = [
+            "${pkgs.coreutils}/bin/touch ${cfg.settings.auth-file}"
+            "${pkgs.coreutils}/bin/mkdir -p ${cfg.settings.attachment-cache-dir}"
+            "${pkgs.coreutils}/bin/touch ${cfg.settings.cache-file}"
+          ];
           ExecStart = "${cfg.package}/bin/ntfy serve -c ${configuration}";
-          User = cfg.user;
           StateDirectory = "ntfy-sh";
 
+          DynamicUser = true;
           AmbientCapabilities = "CAP_NET_BIND_SERVICE";
           PrivateTmp = true;
           NoNewPrivileges = true;
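Review bot: The three `ExecStartPre` commands interpolate `cfg.settings.auth-file`, `attachment-cache-dir` and `cache-file` unquoted, and they only work while those paths stay under the state directory. systemd splits the command line on whitespace, so a path containing a space becomes several arguments; `"${pkgs.coreutils}/bin/touch ${lib.escapeShellArg cfg.settings.auth-file}"`, and the same for the other two, avoids that. With `DynamicUser = true` the pre-start commands presumably run as the transient user, so a path overridden to somewhere outside `/var/lib/ntfy-sh` would fail at `touch` or `mkdir` and the unit would never reach `ExecStart`; the `settings` option description should say so. `serviceConfig` continues past the end of the hunk.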
@@ -88,17 +84,8 @@ in
           RestrictNamespaces = true;
           RestrictRealtime = true;
           MemoryDenyWriteExecute = true;
-        };
-      };
-
-      users.groups = optionalAttrs (cfg.group == "ntfy-sh") {
-        ntfy-sh = { };
-      };
-
-      users.users = optionalAttrs (cfg.user == "ntfy-sh") {
-        ntfy-sh = {
-          isSystemUser = true;
-          group = cfg.group;
+          # Upstream Requirements
+          LimitNOFILE = 20500;
         };
       };
     };
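Review bot: Nothing visible in this commit tells existing users that `services.ntfy-sh.user` and `services.ntfy-sh.group` are gone; the options and the `users.users`/`users.groups` definitions are removed without a `mkRemovedOptionModule` entry, unless one is added outside the hunks shown. A configuration that still sets either option will then fail evaluation with a generic missing-option error instead of a hint about the switch to a dynamic user. I would add `imports = [ (mkRemovedOptionModule [ "services" "ntfy-sh" "user" ] "The service now runs with DynamicUser.") ];` and the same for `group`. Separately, the `# Upstream Requirements` comment would be more useful if it named the upstream document the 20500 figure comes from.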