Merge pull request #5487 from luke-clifton/lc-btsync-group

btsync groups

2 files changed, 23 insertions, 1 deletions

diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index bf8365e34645..3f349dda4d3c 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -273,6 +273,7 @@
       jenkins = 109;
       systemd-journal-gateway = 110;
       notbit = 111;
+      btsync = 113;
       monetdb = 115;
       foundationdb = 118;
       newrelic = 119;
diff --git a/nixos/modules/services/networking/btsync.nix b/nixos/modules/services/networking/btsync.nix
index 7ddc9e1045e4..34bddf908731 100644
--- a/nixos/modules/services/networking/btsync.nix
+++ b/nixos/modules/services/networking/btsync.nix
@@ -88,7 +88,7 @@ in
           use <literal>systemctl start btsync@user</literal> to start
           the daemon only for user <literal>user</literal>, using the
           configuration file located at
-          <literal>$HOME/.config/btsync.conf</literal>
+          <literal>$HOME/.config/btsync.conf</literal>.
         '';
       };
 
@@ -223,6 +223,21 @@ in
           --generate-secret</literal>. Note that this secret will be
           put inside the Nix store, so it is realistically not very
           secret.
+
+          If you would like to be able to modify the contents of this
+          directories, it is recommended that you make your user a
+          member of the <literal>btsync</literal> group.
+
+          Directories in this list should be in the
+          <literal>btsync</literal> group, and that group must have
+          write access to the directory. It is also recommended that
+          <literal>chmod g+s</literal> is applied to the directory
+          so that any sub directories created will also belong to
+          the <literal>btsync</literal> group. Also,
+          <literal>setfacl -d -m group:btsync:rwx</literal> and
+          <literal>setfacl -m group:btsync:rwx</literal> should also
+          be applied so that the sub directories are writable by
+          the group.
         '';
       };
     };
@@ -246,14 +261,20 @@ in
       home            = "/var/lib/btsync";
       createHome      = true;
       uid             = config.ids.uids.btsync;
+      group           = "btsync";
     };
 
+    users.extraGroups = [
+      { name = "btsync";
+      }];
+
     systemd.services.btsync = with pkgs; {
       description = "Bittorrent Sync Service";
       wantedBy    = [ "multi-user.target" ];
       after       = [ "network.target" ];
       serviceConfig = {
         Restart   = "on-abort";
+        UMask     = "0002";
         User      = "btsync";
         ExecStart =
           "${bittorrentSync}/bin/btsync --nodaemon --config ${configFile}";