author | joachifm <joachifm@users.noreply.github.com> | 2016-04-01 00:07:53 +0000 |
---|---|---|
committer | joachifm <joachifm@users.noreply.github.com> | 2016-04-01 00:07:53 +0000 |
commit | ba90ae904eb8fd0c98845420c5d84132483d14ee (patch) | |
tree | ce3e42a1ddba39e26b4f260ca6d9e7ec63dd36a4 /nixos/modules | |
parent | d8abfc87c62477fb8e9afaa22bec1c763f80c62e (diff) | |
parent | a98a918b1053e3808a3d550527443b9b8d38b926 (diff) | |
Merge pull request #14346 from rnhmjoj/syncthing-daemon
syncthing: run daemon with dedicated user as default
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/syncthing.nix | 33 |
2 files changed, 27 insertions, 8 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index f71d1e3fe200..2b5008b9ca8f 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -257,6 +257,7 @@
 radicale = 234;
 hydra-queue-runner = 235;
 hydra-www = 236;
+ syncthing = 237;
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -485,6 +486,7 @@
 pdnsd = 229;
 octoprint = 230;
 radicale = 234;
+ syncthing = 237;
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix
index 67b90516b996..da9a270f30b6 100644
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@@ -5,6 +5,7 @@ with lib;
 let
 cfg = config.services.syncthing;
+ defaultUser = "syncthing";
 in
@@ -17,6 +18,7 @@ in
 services.syncthing = {
 enable = mkOption {
+ type = types.bool;
 default = false;
 description = ''
 Whether to enable the Syncthing, self-hosted open-source alternative
@@ -26,7 +28,8 @@ in
 };
 user = mkOption {
- default = "syncthing";
+ type = types.string;
+ default = defaultUser;
 description = ''
 Syncthing will be run under this user (user must exist, this can be your user name).
@@ -34,8 +37,8 @@ in
 };
 all_proxy = mkOption {
- type = types.string;
- default = "";
+ type = types.nullOr types.string;
+ default = null;
 example = "socks5://address.com:1234";
 description = ''
 Overwrites all_proxy environment variable for the syncthing process to
@@ -45,6 +48,7 @@ in
 };
 dataDir = mkOption {
+ type = types.path;
 default = "/var/lib/syncthing";
 description = ''
 Path where the settings and keys will exist.
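Review bot: The new `type = types.string;` on the `user` option (hunk `@@ -26,7 +28,8 @@`) and `types.nullOr types.string` on `all_proxy` (hunk `@@ -34,8 +37,8 @@`) accept several definitions and merge them by concatenation instead of rejecting the conflict. For `user` that matters: the value selects the account the daemon runs as and is later compared with `defaultUser` to decide whether the dedicated user is created, so two modules setting it would yield a joined name that matches neither. I would use `type = types.str;` and `type = types.nullOr types.str;`, which fail evaluation on conflicting definitions. The `user` description also still says "user must exist", which no longer holds for the default value and should be reworded to say the default account is created by the module.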
@@ -71,20 +75,33 @@ in
 config = mkIf cfg.enable {
+ users = mkIf (cfg.user == defaultUser) {
+ extraUsers."${defaultUser}" =
+ { group = defaultUser;
+ home = cfg.dataDir;
+ createHome = true;
+ uid = config.ids.uids.syncthing;
+ description = "Syncthing daemon user";
+ };
+
+ extraGroups."${defaultUser}".gid =
+ config.ids.gids.syncthing;
+ };
+
 systemd.services.syncthing = {
 description = "Syncthing service";
- after = [ "network.target" ];
+ after = [ "network.target" ];
 wantedBy = [ "multi-user.target" ];
 environment = {
 STNORESTART = "yes"; # do not self-restart
 STNOUPGRADE = "yes";
- } //
- (config.networking.proxy.envVars) //
- (if cfg.all_proxy != "" then { all_proxy = cfg.all_proxy; } else {});
+ inherit (cfg) all_proxy;
+ } // config.networking.proxy.envVars;
 serviceConfig = {
- User = "${cfg.user}";
+ User = cfg.user;
+ Group = optionalString (cfg.user == defaultUser) defaultUser;
 PermissionsStartOnly = true;
 Restart = "on-failure";
 ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}"; |
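Review bot: In the `environment` set, `{ …; inherit (cfg) all_proxy; } // config.networking.proxy.envVars` reverses the precedence of the proxy setting, because `//` lets the right-hand operand win. If `networking.proxy.envVars` carries an `all_proxy` key, the system-wide value now overrides `services.syncthing.all_proxy`, whereas the removed lines merged the service value last and the option description still says it overwrites the variable. An operator who pins Syncthing to a specific SOCKS proxy would silently have its traffic sent through the global one. Keeping the service value on the right restores the old behaviour: `} // config.networking.proxy.envVars // optionalAttrs (cfg.all_proxy != null) { inherit (cfg) all_proxy; };`. That form also avoids handing a `null` to `environment`, whose handling of null values is not visible in this diff; the `serviceConfig` block continues past the end of the hunk.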