Unverified Commit e44a5f7f authored by Bruno BELANYI's avatar Bruno BELANYI Committed by GitHub
Browse files

tandoor_recipes: use static user and group instead of DynamicUser (#382858)

parents 856a4ff0 fe2727c4

nixos/modules/services/misc/tandoor-recipes.nix

+25 −3
Original line number Diff line number Diff line
@@ -75,10 +75,33 @@ in 
      };

    };



    user = lib.mkOption {

      type = lib.types.str;

      default = "tandoor_recipes";

      description = "User account under which Tandoor runs.";

    };



    group = lib.mkOption {

      type = lib.types.str;

      default = "tandoor_recipes";

      description = "Group under which Tandoor runs.";

    };



    package = lib.mkPackageOption pkgs "tandoor-recipes" { };

  };



  config = lib.mkIf cfg.enable {

    users.users = lib.mkIf (cfg.user == "tandoor_recipes") {

      tandoor-recipes = {

        inherit (cfg) group;

        isSystemUser = true;

      };

    };



    users.groups = lib.mkIf (cfg.group == "tandoor_recipes") {

      tandoor-recipes = { };

    };



    systemd.services.tandoor-recipes = {

      description = "Tandoor Recipes server";
@@ -88,9 +111,8 @@ in 
        '';

        Restart = "on-failure";



        User = "tandoor_recipes";

        Group = "tandoor_recipes";

        DynamicUser = true;

        User = cfg.user;

        Group = cfg.group;

        StateDirectory = "tandoor-recipes";

        WorkingDirectory = env.MEDIA_ROOT;

        RuntimeDirectory = "tandoor-recipes";