From 4fbf120e8454d722df72ac1a49f1a8d707c0b46f Mon Sep 17 00:00:00 2001
From: "William A. Kennington III"
Date: Tue, 24 Jun 2014 17:09:27 -0500
Subject: nixos/dhcpd: Add the ability to drop privileges
---
 nixos/modules/services/networking/dhcpd.nix | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
(limited to 'nixos')
diff --git a/nixos/modules/services/networking/dhcpd.nix b/nixos/modules/services/networking/dhcpd.nix
index d796dcf70326..0c6783760de1 100644
--- a/nixos/modules/services/networking/dhcpd.nix
+++ b/nixos/modules/services/networking/dhcpd.nix
@@ -66,6 +66,24 @@ in
 ";
 };
+ user = mkOption {
+ default = "nobody";
+ type = types.nullOr types.str;
+ description = ''
+ The user to drop privileges to after the daemon has started.
+ A value of null disables the user privilege change.
+ '';
+ };
+
+ group = mkOption {
+ default = "nogroup";
+ type = types.nullOr types.str;
+ description = ''
+ The group to drop privileges to after the daemon has started.
+ A value of null disables the group privilege change.
+ '';
+ };
+
 configFile = mkOption {
 default = null;
 description = "
@@ -120,8 +138,10 @@ in
 touch ${stateDir}/dhcpd.leases
- exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \
+ exec ${pkgs.dhcp}/sbin/dhcpd -f --no-pid -cf ${configFile} \
 -lf ${stateDir}/dhcpd.leases \
+ ${optionalString (cfg.user != null) "-user ${cfg.user}"} \
+ ${optionalString (cfg.group != null) "-group ${cfg.group}"} \
 ${toString cfg.interfaces}
 '';
 };
--
cgit 1.4.1
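Review bot: The defaults `"nobody"` and `"nogroup"` on the new `user` and `group` options place dhcpd in an account that is conventionally shared with other unprivileged services, so the privilege drop leaves the daemon in the same trust domain as anything else running as `nobody`. A dedicated account, for example a `dhcpd` user and group declared by this module, would isolate the daemon's process and files from unrelated services. If the shared default stays, the option descriptions should say so, e.g. `The default account is shared with other services; set a dedicated user for stronger isolation.`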
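Review bot: The lease file is still created by the `touch ${stateDir}/dhcpd.leases` line ahead of the `exec`, and nothing in this hunk hands `${stateDir}` or that file to the account named by `-user`/`-group`. If the script runs as root, as the privilege drop implies, the daemon may be unable to rewrite its lease database once it is `nobody`; a `chown` of the state directory guarded by the same null checks would cover that, to be confirmed against how dhcpd rewrites leases. Separately, `cfg.user` and `cfg.group` are spliced into the shell command unquoted, and `"-user ${escapeShellArg cfg.user}"` would keep an unusual value from being word-split or interpreted by the shell. The script starts outside the hunk, so how the directory is created and owned is not visible here.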