From 24368beed84506cf930a355b12e9b17b926dd359 Mon Sep 17 00:00:00 2001
From: "William A. Kennington III" <william@wkennington.com>
Date: Wed, 25 Jun 2014 03:28:53 -0500
Subject: [PATCH] nixos/dhcpd: Use dhcp user instead of nobody

---
 nixos/modules/misc/ids.nix                  |  1 +
 nixos/modules/services/networking/dhcpd.nix | 29 ++++++---------------
 2 files changed, 9 insertions(+), 21 deletions(-)

diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 8a459ce5e889..fa81ff8a8398 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -140,6 +140,7 @@
       mopidy = 130;
       unifi = 131;
       gdm = 132;
+      dhcpd = 133;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
diff --git a/nixos/modules/services/networking/dhcpd.nix b/nixos/modules/services/networking/dhcpd.nix
index 0c6783760de1..2bc4e5eda43c 100644
--- a/nixos/modules/services/networking/dhcpd.nix
+++ b/nixos/modules/services/networking/dhcpd.nix
@@ -66,24 +66,6 @@ in
         ";
       };
 
-      user = mkOption {
-        default = "nobody";
-        type = types.nullOr types.str;
-        description = ''
-          The user to drop privileges to after the daemon has started.
-          A value of null disables the user privilege change.
-        '';
-      };
-
-      group = mkOption {
-        default = "nogroup";
-        type = types.nullOr types.str;
-        description = ''
-          The group to drop privileges to after the daemon has started.
-          A value of null disables the group privilege change.
-        '';
-      };
-
       configFile = mkOption {
         default = null;
         description = "
@@ -126,6 +108,13 @@ in
 
   config = mkIf config.services.dhcpd.enable {
 
+    users = {
+      extraUsers.dhcpd = {
+        uid = config.ids.uids.dhcpd;
+        description = "DHCP daemon user";
+      };
+    };
+
     jobs.dhcpd =
       { description = "DHCP server";
 
@@ -139,9 +128,7 @@ in
             touch ${stateDir}/dhcpd.leases
 
             exec ${pkgs.dhcp}/sbin/dhcpd -f --no-pid -cf ${configFile} \
-                -lf ${stateDir}/dhcpd.leases \
-                ${optionalString (cfg.user != null) "-user ${cfg.user}"} \
-                ${optionalString (cfg.group != null) "-group ${cfg.group}"} \
+                -lf ${stateDir}/dhcpd.leases -user dhcpd -group nogroup \
                 ${toString cfg.interfaces}
           '';
       };