Merge pull request #14079 from NixOS/add-radicale-user

radicale service: run with dedicated user
2016-03-21 13:56:23 +01:00 · 2016-03-21 13:56:23 +01:00 · 4295ad5ee8
commit 4295ad5ee8
parent 9405b1f497 a491b75523
2 changed files with 17 additions and 0 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -255,6 +255,7 @@
      avahi-autoipd = 231;
      nntp-proxy = 232;
      mjpg-streamer = 233;
+      radicale = 234;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

@ -483,6 +484,7 @@
      cfdyndns = 227;
      pdnsd = 229;
      octoprint = 230;
+      radicale = 234;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/services/networking/radicale.nix
+++ b/nixos/modules/services/networking/radicale.nix
@ -35,12 +35,27 @@ in
  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.pythonPackages.radicale ];

+    users.extraUsers = singleton
+      { name = "radicale";
+        uid = config.ids.uids.radicale;
+        description = "radicale user";
+        home = "/var/lib/radicale";
+        createHome = true;
+      };
+
+    users.extraGroups = singleton
+      { name = "radicale";
+        gid = config.ids.gids.radicale;
+      };
+
    systemd.services.radicale = {
      description = "A Simple Calendar and Contact Server";
      after = [ "network-interfaces.target" ];
      wantedBy = [ "multi-user.target" ];
      script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";
      serviceConfig.Type = "forking";
+      serviceConfig.User = "radicale";
+      serviceConfig.Group = "radicale";
    };
  };
 }