about summary refs log tree commit diff
path: root/nixos/modules/services/video/frigate.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/video/frigate.nix')
-rw-r--r--nixos/modules/services/video/frigate.nix17
1 files changed, 15 insertions, 2 deletions
diff --git a/nixos/modules/services/video/frigate.nix b/nixos/modules/services/video/frigate.nix
index 217637cbebcf..8db2bfae80ac 100644
--- a/nixos/modules/services/video/frigate.nix
+++ b/nixos/modules/services/video/frigate.nix
@@ -322,6 +322,16 @@ in
       '';
     };
 
+    systemd.services.nginx.serviceConfig.SupplementaryGroups = [
+      "frigate"
+    ];
+
+    users.users.frigate = {
+      isSystemUser = true;
+      group = "frigate";
+    };
+    users.groups.frigate = {};
+
     systemd.services.frigate = {
       after = [
         "go2rtc.service"
@@ -349,15 +359,18 @@ in
       serviceConfig = {
         ExecStart = "${cfg.package.python.interpreter} -m frigate";
 
-        DynamicUser = true;
         User = "frigate";
+        Group = "frigate";
+
+        UMask = "0027";
 
         StateDirectory = "frigate";
-        UMask = "0077";
+        StateDirectoryMode = "0750";
 
         # Caches
         PrivateTmp = true;
         CacheDirectory = "frigate";
+        CacheDirectoryMode = "0750";
 
         BindPaths = [
           "/migrations:${cfg.package}/share/frigate/migrations:ro"
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-05 13:39:51 +0000