Commit acda7392 authored by DCsunset's avatar DCsunset Committed by Emery Hemingway

nixos/murmur: support setting user and group for service

parent 2f0c3c88
+24 −6
@@ -69,6 +69,24 @@ in
        '';
      };

      user = mkOption {
        type = types.str;
        default = "murmur";
        description = ''
          The name of an existing user to use to run the service.
          If not specified, the default user will be created.
        '';
      };

      group = mkOption {
        type = types.str;
        default = "murmur";
        description = ''
          The name of an existing group to use to run the service.
          If not specified, the default group will be created.
        '';
      };

      stateDir = mkOption {
        type = types.path;
        default = "/var/lib/murmur";
@@ -297,14 +315,14 @@ in
  };

  config = mkIf cfg.enable {
    users.users.murmur = {
    users.users.murmur = mkIf (cfg.user == "murmur") {
      description     = "Murmur Service user";
      home            = cfg.stateDir;
      createHome      = true;
      uid             = config.ids.uids.murmur;
      group           = "murmur";
      group           = cfg.group;
    };
    users.groups.murmur = {
    users.groups.murmur = mkIf (cfg.group == "murmur") {
      gid             = config.ids.gids.murmur;
    };

@@ -332,8 +350,8 @@ in
        Restart = "always";
        RuntimeDirectory = "murmur";
        RuntimeDirectoryMode = "0700";
        User = "murmur";
        Group = "murmur";
        User = cfg.user;
        Group = cfg.group;

        # service hardening
        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
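Review bot: With `User = cfg.user;` set to anything other than `murmur`, nothing visible in this change still creates `cfg.stateDir` or gives it to the account the unit runs as. The earlier hunk makes `users.users.murmur` conditional, and its `home = cfg.stateDir; createHome = true;` pair was the only visible place the directory was created. Unless code outside these hunks handles it, the service would start against a state directory that is missing or owned by another account. A rule such as `systemd.tmpfiles.rules = [ "d ${cfg.stateDir} 0700 ${cfg.user} ${cfg.group} -" ];` would tie ownership to the configured account; the mode is an assumption to check against what `createHome` produced. The `user` and `group` descriptions should also say that an unprivileged account dedicated to murmur is expected, since the module does not check this and the hardening below presumes it; the `serviceConfig` block starts and ends outside this hunk.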
@@ -370,7 +388,7 @@ in
          "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
          "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
        <busconfig>
          <policy user="murmur">
          <policy user="${cfg.user}">
            <allow own="net.sourceforge.mumble.murmur"/>
          </policy>