homu: run under separate static user/group

This commit is contained in:
Astro 2019-04-30 22:50:26 +02:00
parent f684ad7f55
commit 9805090d9e
1 changed files with 9 additions and 21 deletions

View File

@ -35,7 +35,7 @@ let
)) ))
); );
dbFile = homuConfig.db.file; dbDir = dirOf homuConfig.db.file;
in in
{ {
@ -45,14 +45,6 @@ in
default = false; default = false;
description = "Enable the bot"; description = "Enable the bot";
}; };
user = mkOption {
type = types.str;
default = "nobody";
};
group = mkOption {
type = types.str;
default = "nogroup";
};
config = mkOption { config = mkOption {
description = "Structured data for config.toml"; description = "Structured data for config.toml";
type = with types; attrsOf unspecified; type = with types; attrsOf unspecified;
@ -60,20 +52,16 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.homu-dbdir = { users.users.homu = {
description = "Homu bot database directory"; group = "homu";
serviceConfig = { home = dbDir;
Type = "oneshot"; createHome = true;
ExecStart = [
"${pkgs.coreutils}/bin/mkdir -p ${dirOf dbFile}"
"${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${dirOf dbFile}"
];
};
}; };
users.groups.homu = {};
systemd.services.homu = { systemd.services.homu = {
description = "Homu bot"; description = "Homu bot";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "homu-dbdir.service" ];
after = [ "network.target" ]; after = [ "network.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
@ -82,8 +70,8 @@ in
Restart = "always"; Restart = "always";
RestartSec = "5sec"; RestartSec = "5sec";
User = cfg.user; User = "homu";
Group = cfg.group; Group = "homu";
}; };
}; };
}; };