From 698b386931b332c92309a3bb3e404489ec915e66 Mon Sep 17 00:00:00 2001
From: Emery Hemingway <ehmry@posteo.net>
Date: Fri, 12 Nov 2021 14:29:37 +0100
Subject: [PATCH] nixos/syndicate-server: pick a reasonable group for the
 server

---
 nixos/syndicate-server.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nixos/syndicate-server.nix b/nixos/syndicate-server.nix
index 4d312a5..83697b2 100644
--- a/nixos/syndicate-server.nix
+++ b/nixos/syndicate-server.nix
@@ -5,6 +5,13 @@ with lib;
   options.services.syndicate-server = {
     enable = mkEnableOption "the Syndicate dataspace server";
 
+    group = mkOption {
+      type = types.str;
+      default = "wheel";
+      example = "users";
+      description = "Group account under which the Syndicate server runs.";
+    };
+
     package = mkOption {
       default = pkgs.syndicate-rs;
       defaultText = "pkgs.syndicate-rs";
@@ -49,6 +56,7 @@ with lib;
       serviceConfig = {
         ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${configDir}";
         ExecStart = "${cfg.package}/bin/syndicate-server --config ${configDir}";
+        Group = cfg.group;
         AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
         DynamicUser = true;
         Restart = "always";