From acda73926d11b140c5499b932790aa5c0186c496 Mon Sep 17 00:00:00 2001
From: DCsunset
Date: Mon, 14 Oct 2024 13:28:12 +0000
Subject: [PATCH] nixos/murmur: support setting user and group for service
---
 nixos/modules/services/networking/murmur.nix | 30 ++++++++++++++++----
 1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/nixos/modules/services/networking/murmur.nix b/nixos/modules/services/networking/murmur.nix
index 3834dd5e4c45f..9e346d3384fa3 100644
--- a/nixos/modules/services/networking/murmur.nix
+++ b/nixos/modules/services/networking/murmur.nix
@@ -69,6 +69,24 @@ in
 '';
 };
+ user = mkOption {
+ type = types.str;
+ default = "murmur";
+ description = ''
+ The name of an existing user to use to run the service.
+ If not specified, the default user will be created.
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "murmur";
+ description = ''
+ The name of an existing group to use to run the service.
+ If not specified, the default group will be created.
+ '';
+ };
+
 stateDir = mkOption {
 type = types.path;
 default = "/var/lib/murmur";
@@ -297,14 +315,14 @@ in
 };
 config = mkIf cfg.enable {
- users.users.murmur = {
+ users.users.murmur = mkIf (cfg.user == "murmur") {
 description = "Murmur Service user";
 home = cfg.stateDir;
 createHome = true;
 uid = config.ids.uids.murmur;
- group = "murmur";
+ group = cfg.group;
 };
- users.groups.murmur = {
+ users.groups.murmur = mkIf (cfg.group == "murmur") {
 gid = config.ids.gids.murmur;
 };
@@ -332,8 +350,8 @@ in
 Restart = "always";
 RuntimeDirectory = "murmur";
 RuntimeDirectoryMode = "0700";
- User = "murmur";
- Group = "murmur";
+ User = cfg.user;
+ Group = cfg.group;
 # service hardening
 AmbientCapabilities = "CAP_NET_BIND_SERVICE";
@@ -370,7 +388,7 @@ in "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - +
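Review bot: In the `@@ -69,6 +69,24 @@` hunk both new options are declared as `types.str`, which admits the empty string, and the `@@ -332,8 +350,8 @@` hunk passes the values unchanged to `User =` and `Group =`. As far as I know systemd treats an empty `User=` assignment as unset, so a blank `services.murmur.user` would start the daemon as root instead of failing at evaluation time. Use `type = types.nonEmptyStr;` for both options. The descriptions should also say that a non-default name makes the module skip the user/group declaration, so the account and its access to `stateDir` become the administrator's responsibility.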
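Review bot: In the `@@ -297,14 +315,14 @@` hunk, guarding `users.users.murmur` with `mkIf (cfg.user == "murmur")` also drops `home = cfg.stateDir; createHome = true;` for any custom user, and nothing visible in this patch creates `cfg.stateDir` or hands it to that account. A directory left from an earlier deployment would stay owned by the old murmur uid, so the service either fails to start or someone loosens the permissions on the state directory by hand. Consider declaring it explicitly, e.g. `systemd.tmpfiles.rules = [ "d ${cfg.stateDir} 0700 ${cfg.user} ${cfg.group} -" ];` (the mode is a constructed value; match what `createHome` produced). The two guards are also independent: with the default user and a custom group, `group = cfg.group` points the murmur user at a group this module no longer declares, which deserves an assertion or at least a sentence in the option docs. The `config` block continues outside the hunk.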