diff options
| author | Alyssa Ross <hi@alyssa.is> | 2022-03-15 10:36:38 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2022-03-16 11:37:19 +0000 |
| commit | d435710923ac6e6f9fc155534800745004f2ce93 (patch) | |
| tree | 386f9401476f96bdc6ec25173a090198942b5d5b /nixpkgs/nixos/modules/services/security/step-ca.nix | |
| parent | c725f0011e91ae49d351b981690eb66b862b6104 (diff) | |
| parent | 3239fd2b8f728106491154b44625662e10259af2 (diff) | |
| download | nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.gz nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.bz2 nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.lz nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.xz nixlib-d435710923ac6e6f9fc155534800745004f2ce93.tar.zst nixlib-d435710923ac6e6f9fc155534800745004f2ce93.zip | |
Merge commit '3239fd2b8f728106491154b44625662e10259af2'
Conflicts: nixpkgs/pkgs/applications/window-managers/sway/default.nix
Diffstat (limited to 'nixpkgs/nixos/modules/services/security/step-ca.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/security/step-ca.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/security/step-ca.nix b/nixpkgs/nixos/modules/services/security/step-ca.nix index db7f81acd2a3..95183078d7b6 100644 --- a/nixpkgs/nixos/modules/services/security/step-ca.nix +++ b/nixpkgs/nixos/modules/services/security/step-ca.nix @@ -106,6 +106,9 @@ in ConditionFileNotEmpty = ""; # override upstream }; serviceConfig = { + User = "step-ca"; + Group = "step-ca"; + UMask = "0077"; Environment = "HOME=%S/step-ca"; WorkingDirectory = ""; # override upstream ReadWriteDirectories = ""; # override upstream @@ -127,6 +130,14 @@ in }; }; + users.users.step-ca = { + home = "/var/lib/step-ca"; + group = "step-ca"; + isSystemUser = true; + }; + + users.groups.step-ca = {}; + networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; |