From a491b75523e70c6355ef63e598044bc4c69e95bc Mon Sep 17 00:00:00 2001
From: Pascal Wittmann
Date: Sun, 20 Mar 2016 15:25:02 +0100
Subject: [PATCH] radicale service: run with dedicated user

This is done in the context of #11908.
---
 nixos/modules/misc/ids.nix | 2 ++
 nixos/modules/services/networking/radicale.nix | 15 +++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 919271cc4e96..d0914df9c287 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -255,6 +255,7 @@
 avahi-autoipd = 231;
 nntp-proxy = 232;
 mjpg-streamer = 233;
+ radicale = 234;
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -483,6 +484,7 @@
 cfdyndns = 227;
 pdnsd = 229;
 octoprint = 230;
+ radicale = 234;
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/services/networking/radicale.nix b/nixos/modules/services/networking/radicale.nix
index 4b77ef22ac12..19762f4e570c 100644
--- a/nixos/modules/services/networking/radicale.nix
+++ b/nixos/modules/services/networking/radicale.nix
@@ -35,12 +35,27 @@ in
 config = mkIf cfg.enable {
 environment.systemPackages = [ pkgs.pythonPackages.radicale ];
+ users.extraUsers = singleton
+ { name = "radicale";
+ uid = config.ids.uids.radicale;
+ description = "radicale user";
+ home = "/var/lib/radicale";
+ createHome = true;
+ };
+
+ users.extraGroups = singleton
+ { name = "radicale";
+ gid = config.ids.gids.radicale;
+ };
+
 systemd.services.radicale = {
 description = "A Simple Calendar and Contact Server";
 after = [ "network-interfaces.target" ];
 wantedBy = [ "multi-user.target" ];
 script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";
 serviceConfig.Type = "forking";
+ serviceConfig.User = "radicale";
+ serviceConfig.Group = "radicale";
 };
 };
 }
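Review bot: The `users.extraUsers` entry for `radicale` in the radicale.nix hunk sets no primary group, so the account is not tied to the `radicale` group that the same hunk declares; only the service process receives it through `serviceConfig.Group`. As far as I know, NixOS then falls back to the shared `nogroup` group, which would leave `/var/lib/radicale` (created by `createHome = true`) group-owned by a group that unrelated service accounts also use; this is worth confirming against the users module. Adding `group = "radicale";` to the user attrset keeps the account, its home directory and the running daemon on the same dedicated group. Because the service ran without `User=` before this change, also check that existing collection data and any log or PID paths in the generated config are writable by the new user; those paths are not visible in this hunk.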