From 39f5182a30cd9eec3ce5bbf30fd1d5ae04126d89 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Thu, 1 Sep 2016 18:48:13 +0200
Subject: [PATCH] unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound user's uid has changed
2. The unbound daemon does not generate data that needs to be private to it, so it would not matter that a different service would end up owning its data (as long as unbound remains enabled, it should reclaim ownership soon enough anyway).
Thus, there's no clear benefit to allocate a dedicated uid for the unbound service. This releases uid/gid 48.
Also, because the preStart script creates the data directory, there's no need to specify a homedir or ask for its creation.
---
 nixos/modules/services/networking/unbound.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 304996c6326f..c7a4eb6060c0 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -96,12 +96,9 @@ in
 environment.systemPackages = [ pkgs.unbound ];
- users.extraUsers = singleton {
- name = "unbound";
- uid = config.ids.uids.unbound;
+ users.users.unbound = {
 description = "unbound daemon user";
- home = stateDir;
- createHome = true;
+ isSystemUser = true;
 };
 systemd.services.unbound = {
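Review bot: With `uid = config.ids.uids.unbound` removed, nothing in the new `users.users.unbound` definition keeps ownership of `stateDir` stable if the uid is reallocated; the only safeguard is the preStart script, which lies outside this hunk (as does the rest of the enclosing config block). The description treats a period of foreign ownership as harmless, but that holds only if nothing integrity-sensitive is kept in the directory. If the module stores a DNSSEC trust anchor or remote-control keys there (not visible here), whichever account later receives the old uid could modify them before unbound next starts. I would confirm that preStart re-chowns everything under the directory before the daemon reads it, and record the dependency beside the user definition, e.g. `# uid is auto-allocated; preStart must re-chown stateDir on every start`. The definition also sets no `group`, so the account presumably falls back to the shared default group; consider `group = "unbound";` together with `users.groups.unbound = {};`.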