Merge pull request #5487 from luke-clifton/lc-btsync-group

btsync groups
2024-11-25 00:12:56 +00:00 · 2014-12-28 20:25:13 +01:00 · 2014-12-28 20:25:13 +01:00 · 43af22b2de
commit 43af22b2de
parent a30869a525 3c8914f94e
2 changed files with 23 additions and 1 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -273,6 +273,7 @@
      jenkins = 109;
      systemd-journal-gateway = 110;
      notbit = 111;
+      btsync = 113;
      monetdb = 115;
      foundationdb = 118;
      newrelic = 119;
--- a/nixos/modules/services/networking/btsync.nix
+++ b/nixos/modules/services/networking/btsync.nix
@ -88,7 +88,7 @@ in
          use <literal>systemctl start btsync@user</literal> to start
          the daemon only for user <literal>user</literal>, using the
          configuration file located at
-          <literal>$HOME/.config/btsync.conf</literal>
+          <literal>$HOME/.config/btsync.conf</literal>.
        '';
      };

@ -223,6 +223,21 @@ in
          --generate-secret</literal>. Note that this secret will be
          put inside the Nix store, so it is realistically not very
          secret.
+
+          If you would like to be able to modify the contents of this
+          directories, it is recommended that you make your user a
+          member of the <literal>btsync</literal> group.
+
+          Directories in this list should be in the
+          <literal>btsync</literal> group, and that group must have
+          write access to the directory. It is also recommended that
+          <literal>chmod g+s</literal> is applied to the directory
+          so that any sub directories created will also belong to
+          the <literal>btsync</literal> group. Also,
+          <literal>setfacl -d -m group:btsync:rwx</literal> and
+          <literal>setfacl -m group:btsync:rwx</literal> should also
+          be applied so that the sub directories are writable by
+          the group.
        '';
      };
    };
@ -246,14 +261,20 @@ in
      home            = "/var/lib/btsync";
      createHome      = true;
      uid             = config.ids.uids.btsync;
+      group           = "btsync";
    };

+    users.extraGroups = [
+      { name = "btsync";
+      }];
+
    systemd.services.btsync = with pkgs; {
      description = "Bittorrent Sync Service";
      wantedBy    = [ "multi-user.target" ];
      after       = [ "network.target" ];
      serviceConfig = {
        Restart   = "on-abort";
+        UMask     = "0002";
        User      = "btsync";
        ExecStart =
          "${bittorrentSync}/bin/btsync --nodaemon --config ${configFile}";