authorJulien Malka <julien@malka.sh>2023-05-29 16:00:22 +0200
committerYt <happysalada@tuta.io>2023-05-29 11:11:32 -0400
commit963155315341bac20371b791fa356d1e53628cf1 (patch)
treefe4960c71f13ee62e54b36f746899700719cf19c /nixos/modules/services
parent725b45946ec165c282f1edce93b49c82dcec821e (diff)
Revert "nixos/ntfy-sh: add defaults, use dynamic user"
This reverts commit 3dcca62a5ed895d84482875be94d0d8256fda503.
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/misc/ntfy-sh.nix35
1 files changed, 24 insertions, 11 deletions
diff --git a/nixos/modules/services/misc/ntfy-sh.nix b/nixos/modules/services/misc/ntfy-sh.nix
index 3dc3bd616c09..d66b47a2d68a 100644
--- a/nixos/modules/services/misc/ntfy-sh.nix
+++ b/nixos/modules/services/misc/ntfy-sh.nix
@@ -19,6 +19,18 @@ in
       description = mdDoc "The ntfy.sh package to use.";
     };
 
+    user = mkOption {
+      default = "ntfy-sh";
+      type = types.str;
+      description = lib.mdDoc "User the ntfy-sh server runs under.";
+    };
+
+    group = mkOption {
+      default = "ntfy-sh";
+      type = types.str;
+      description = lib.mdDoc "Primary group of ntfy-sh user.";
+    };
+
     settings = mkOption {
       type = types.submodule { freeformType = settingsFormat.type; };
 
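Review bot: The `group` option added here is never applied to the systemd unit. The serviceConfig hunk further down adds `User = cfg.user;` but no `Group=`, so when `user` is overridden the process runs with that account's own primary group and `services.ntfy-sh.group` has no effect on the service. Adding `Group = cfg.group;` next to the `User` line would make the option do what its description says. The option block itself continues outside this hunk.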
@@ -49,9 +61,6 @@ in
 
       services.ntfy-sh.settings = {
         auth-file = mkDefault "/var/lib/ntfy-sh/user.db";
-        listen-http = mkDefault "127.0.0.1:2586";
-        attachment-cache-dir = mkDefault "/var/lib/ntfy-sh/attachments";
-        cache-file = mkDefault "/var/lib/ntfy-sh/cache-file.db";
       };
 
       systemd.services.ntfy-sh = {
@@ -61,15 +70,10 @@ in
         after = [ "network.target" ];
 
         serviceConfig = {
-          ExecStartPre = [
-            "${pkgs.coreutils}/bin/touch ${cfg.settings.auth-file}"
-            "${pkgs.coreutils}/bin/mkdir -p ${cfg.settings.attachment-cache-dir}"
-            "${pkgs.coreutils}/bin/touch ${cfg.settings.cache-file}"
-          ];
           ExecStart = "${cfg.package}/bin/ntfy serve -c ${configuration}";
+          User = cfg.user;
           StateDirectory = "ntfy-sh";
 
-          DynamicUser = true;
           AmbientCapabilities = "CAP_NET_BIND_SERVICE";
           PrivateTmp = true;
           NoNewPrivileges = true;
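Review bot: Removing `DynamicUser = true` also removes the sandboxing systemd implies with it (`ProtectSystem=strict`, `ProtectHome=read-only`, `RemoveIPC=`, `RestrictSUIDSGID=`), and this hunk adds only `User = cfg.user;` in its place. Part of serviceConfig lies between this hunk and the next one, so some of these may already be set there. If they are not, I would add `ProtectSystem = "strict";` and `ProtectHome = true;` explicitly, since with the default shown the service's auth file lives under its StateDirectory. The static account otherwise gets a wider view of the filesystem than the dynamic one had.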
@@ -84,8 +88,17 @@ in
           RestrictNamespaces = true;
           RestrictRealtime = true;
           MemoryDenyWriteExecute = true;
-          # Upstream Requirements
-          LimitNOFILE = 20500;
+        };
+      };
+
+      users.groups = optionalAttrs (cfg.group == "ntfy-sh") {
+        ntfy-sh = { };
+      };
+
+      users.users = optionalAttrs (cfg.user == "ntfy-sh") {
+        ntfy-sh = {
+          isSystemUser = true;
+          group = cfg.group;
         };
       };
     };
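Review bot: `users.groups` is declared only when `cfg.group == "ntfy-sh"`, while the `ntfy-sh` user is declared whenever `cfg.user == "ntfy-sh"` and always takes `group = cfg.group`. Setting only `group` to another name therefore leaves the user pointing at a group this module does not create, which presumably has to exist elsewhere in the configuration. A comment above the two `optionalAttrs` blocks would make that contract visible, for example `# A non-default user or group must be declared by the administrator.` The same hunk drops `LimitNOFILE = 20500;`, which was labelled as an upstream requirement; it is worth confirming the default limit is sufficient.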