From 0721aa49a3488241499aee805e4bb66b0589e42f Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Wed, 15 Sep 2021 18:35:12 +0200
Subject: [PATCH] nixos/tox-bootstrapd: use DynamicUser
---
 nixos/modules/misc/ids.nix | 2 +-
 .../services/networking/tox-bootstrapd.nix | 21 +++++++------------
 2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 77575f322746..d2e73193453f 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -201,7 +201,7 @@ in
 peerflix = 163;
 #chronos = 164; # removed 2020-08-15
 gitlab = 165;
- tox-bootstrapd = 166;
+ # tox-bootstrapd = 166; removed 2021-09-15
 cadvisor = 167;
 nylon = 168;
 #apache-kafka = 169;# dynamically allocated as of 2021-09-03
diff --git a/nixos/modules/services/networking/tox-bootstrapd.nix b/nixos/modules/services/networking/tox-bootstrapd.nix
index f88e34827d00..7c13724e084a 100644
--- a/nixos/modules/services/networking/tox-bootstrapd.nix
+++ b/nixos/modules/services/networking/tox-bootstrapd.nix
@@ -3,15 +3,15 @@
 with lib;
 let
- home = "/var/lib/tox-bootstrapd";
- PIDFile = "${home}/pid";
+ WorkingDirectory = "/var/lib/tox-bootstrapd";
+ PIDFile = "${WorkingDirectory}/pid";
 pkg = pkgs.libtoxcore;
 cfg = config.services.toxBootstrapd;
 cfgFile = builtins.toFile "tox-bootstrapd.conf" ''
 port = ${toString cfg.port}
- keys_file_path = "${home}/keys"
+ keys_file_path = "${WorkingDirectory}/keys"
 pid_file_path = "${PIDFile}"
 ${cfg.extraConfig}
 '';
@@ -36,7 +36,7 @@ in
 keysFile = mkOption {
 type = types.str;
- default = "${home}/keys";
+ default = "${WorkingDirectory}/keys";
 description = "Node key file.";
 };
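Review bot: `keys_file_path` in `cfgFile` is still hard-coded to `"${WorkingDirectory}/keys"` rather than `"${cfg.keysFile}"`, so a user-supplied `services.toxBootstrapd.keysFile` has no effect on the generated config unless that option is consumed somewhere outside this view. If it is meant to be honored, `keys_file_path = "${cfg.keysFile}"` is the one-line fix, with a comment that under DynamicUser the path must stay inside the service's state directory to be readable and writable by the dynamic user. The `let` block continues past the end of this hunk.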
@@ -56,13 +56,6 @@ in
 config = mkIf config.services.toxBootstrapd.enable {
- users.users.tox-bootstrapd =
- { uid = config.ids.uids.tox-bootstrapd;
- description = "Tox bootstrap daemon user";
- inherit home;
- createHome = true;
- };
-
 systemd.services.tox-bootstrapd = {
 description = "Tox DHT bootstrap daemon";
 after = [ "network.target" ];
@@ -70,8 +63,10 @@ in
 serviceConfig = {
 ExecStart = "${pkg}/bin/tox-bootstrapd --config=${cfgFile}";
 Type = "forking";
- inherit PIDFile;
- User = "tox-bootstrapd";
+ inherit PIDFile WorkingDirectory;
+ AmbientCapabilities = ["CAP_NET_BIND_SERVICE"];
+ DynamicUser = true;
+ StateDirectory = "tox-bootstrapd";
 };
 };
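Review bot: `AmbientCapabilities = ["CAP_NET_BIND_SERVICE"]` is granted unconditionally, so the newly sandboxed DynamicUser unit keeps a capability it only needs when `cfg.port` is below 1024; `AmbientCapabilities = optional (cfg.port < 1024) "CAP_NET_BIND_SERVICE";`, mirrored in `CapabilityBoundingSet`, keeps the no-capability posture for the common case (this assumes `port` is an integer option, which the hunk does not show). A second point is the upgrade path: existing hosts have `/var/lib/tox-bootstrapd/keys` owned by the static uid dropped in ids.nix, and whether the StateDirectory migration re-chowns that file to the dynamic user decides whether the node keeps its long-term DHT identity, so a `# NOTE` next to `StateDirectory` should record that this was verified on an upgraded system. The enclosing `systemd.services.tox-bootstrapd` attribute set starts before this hunk.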