diff options
| author | Martin Milata <martin@martinmilata.cz> | 2020-02-11 17:52:48 +0100 |
|---|---|---|
| committer | Martin Milata <martin@martinmilata.cz> | 2020-03-09 23:29:04 +0100 |
| commit | b150e08169d95c5813ded16959002da38282d850 (patch) | |
| tree | 4e7a52ff29f249a2fb6773335623533d0f5a3c19 /nixos/modules | |
| parent | 6301e0af06e0850cb029fac0a40822ca5e93ddae (diff) | |
| download | nixlib-b150e08169d95c5813ded16959002da38282d850.tar nixlib-b150e08169d95c5813ded16959002da38282d850.tar.gz nixlib-b150e08169d95c5813ded16959002da38282d850.tar.bz2 nixlib-b150e08169d95c5813ded16959002da38282d850.tar.lz nixlib-b150e08169d95c5813ded16959002da38282d850.tar.xz nixlib-b150e08169d95c5813ded16959002da38282d850.tar.zst nixlib-b150e08169d95c5813ded16959002da38282d850.zip | |
nixos/supybot: stateDir in /var/lib, use tmpfiles
Moving the stateDir is needed in order to use ProtectSystem=strict systemd option.
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/services/networking/supybot.nix | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/nixos/modules/services/networking/supybot.nix b/nixos/modules/services/networking/supybot.nix index d5b9a97a1c1a..21e9fbd6e604 100644 --- a/nixos/modules/services/networking/supybot.nix +++ b/nixos/modules/services/networking/supybot.nix @@ -20,15 +20,18 @@ in }; stateDir = mkOption { - # Setting this to /var/lib/supybot caused useradd to fail - default = "/home/supybot"; + type = types.path; + default = if versionAtLeast config.system.stateVersion "20.09" + then "/var/lib/supybot" + else "/home/supybot"; + defaultText = "/var/lib/supybot"; description = "The root directory, logs and plugins are stored here"; }; configFile = mkOption { type = types.path; description = '' - Path to a supybot config file. This can be generated by + Path to initial supybot config file. This can be generated by running supybot-wizard. Note: all paths should include the full path to the stateDir @@ -50,7 +53,7 @@ in group = "supybot"; description = "Supybot IRC bot user"; home = cfg.stateDir; - createHome = true; + isSystemUser = true; }; users.groups.supybot = { @@ -63,11 +66,8 @@ in wantedBy = [ "multi-user.target" ]; path = [ pkgs.pythonPackages.limnoria ]; preStart = '' - cd ${cfg.stateDir} - mkdir -p backup conf data plugins logs/plugins tmp web - ln -sf ${cfg.configFile} supybot.cfg # This needs to be created afresh every time - rm -f supybot.cfg.bak + rm -f '${cfg.stateDir}/supybot.cfg.bak' ''; serviceConfig = { @@ -82,5 +82,18 @@ in }; }; + systemd.tmpfiles.rules = [ + "d '${cfg.stateDir}' 0700 supybot supybot - -" + "d '${cfg.stateDir}/backup' 0750 supybot supybot - -" + "d '${cfg.stateDir}/conf' 0750 supybot supybot - -" + "d '${cfg.stateDir}/data' 0750 supybot supybot - -" + "d '${cfg.stateDir}/plugins' 0750 supybot supybot - -" + "d '${cfg.stateDir}/logs' 0750 supybot supybot - -" + "d '${cfg.stateDir}/logs/plugins' 0750 supybot supybot - -" + "d '${cfg.stateDir}/tmp' 0750 supybot supybot - -" + "d '${cfg.stateDir}/web' 0750 supybot supybot - -" + "L '${cfg.stateDir}/supybot.cfg' - - - - ${cfg.configFile}" + ]; + }; } |