author | Pascal Wittmann <mail@pascal-wittmann.de> | 2016-03-20 15:25:02 +0100 |
---|---|---|
committer | Pascal Wittmann <mail@pascal-wittmann.de> | 2016-03-20 15:50:14 +0100 |
commit | a491b75523e70c6355ef63e598044bc4c69e95bc (patch) | |
tree | 5c4f63628c515f8cbf0b446c924e0cab947c8b35 /nixos/modules | |
parent | 097e20ccfee0e7580fa978d2b3392cefe5aa6ac9 (diff) | |
radicale service: run with dedicated user
This is done in the context of #11908.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/radicale.nix | 15 |
2 files changed, 17 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 919271cc4e96..d0914df9c287 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -255,6 +255,7 @@ avahi-autoipd = 231; nntp-proxy = 232; mjpg-streamer = 233; + radicale = 234; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -483,6 +484,7 @@ cfdyndns = 227; pdnsd = 229; octoprint = 230; + radicale = 234; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix index 4b77ef22ac12..19762f4e570c 100644 --- a/nixos/modules/services/networking/radicale.nix +++ b/nixos/modules/services/networking/radicale.nix @@ -35,12 +35,27 @@ in config = mkIf cfg.enable { environment.systemPackages = [ pkgs.pythonPackages.radicale ]; + users.extraUsers = singleton + { name = "radicale"; + uid = config.ids.uids.radicale; + description = "radicale user"; + home = "/var/lib/radicale"; + createHome = true; + }; + + users.extraGroups = singleton + { name = "radicale"; + gid = config.ids.gids.radicale; + }; + systemd.services.radicale = { description = "A Simple Calendar and Contact Server"; after = [ "network-interfaces.target" ]; wantedBy = [ "multi-user.target" ]; script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d"; serviceConfig.Type = "forking"; + serviceConfig.User = "radicale"; + serviceConfig.Group = "radicale"; }; }; } |
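Review bot: The `users.extraUsers` entry for `radicale` in the radicale.nix hunk sets no `group`, so the account's primary group stays at the NixOS default (`nogroup`) and the new `radicale` group has no members; only the systemd unit runs with that gid, through `serviceConfig.Group`. The home directory made by `createHome = true` would then likely carry the shared `nogroup` group rather than the dedicated one. Adding `group = "radicale";` to the user definition keeps ownership of `/var/lib/radicale` scoped to the service. Collections written by an earlier root-run instance are not migrated by this change, so the upgrade path probably needs a note; where Radicale stores them depends on `confFile`, which is defined outside this hunk.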