ehmry
/
syndicate-flake
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

nixos/syndicate-server: pick a reasonable group for the server

This commit is contained in:
Emery Hemingway 2021-11-12 14:29:37 +01:00
parent f79ea1c9f9
commit 698b386931
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nixos/syndicate-server.nix
View File

@ -5,6 +5,13 @@ with lib;
options.services.syndicate-server = {
enable = mkEnableOption "the Syndicate dataspace server";
group = mkOption {
type = types.str;
default = "wheel";
example = "users";
description = "Group account under which the Syndicate server runs.";
};
package = mkOption {
default = pkgs.syndicate-rs;
defaultText = "pkgs.syndicate-rs";
@ -49,6 +56,7 @@ with lib;
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${configDir}";
ExecStart = "${cfg.package}/bin/syndicate-server --config ${configDir}";
Group = cfg.group;
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
DynamicUser = true;
Restart = "always";