nixos/syndicate-server: pick a reasonable group for the server
This commit is contained in:
parent
f79ea1c9f9
commit
698b386931
|
@ -5,6 +5,13 @@ with lib;
|
||||||
options.services.syndicate-server = {
|
options.services.syndicate-server = {
|
||||||
enable = mkEnableOption "the Syndicate dataspace server";
|
enable = mkEnableOption "the Syndicate dataspace server";
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "wheel";
|
||||||
|
example = "users";
|
||||||
|
description = "Group account under which the Syndicate server runs.";
|
||||||
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
default = pkgs.syndicate-rs;
|
default = pkgs.syndicate-rs;
|
||||||
defaultText = "pkgs.syndicate-rs";
|
defaultText = "pkgs.syndicate-rs";
|
||||||
|
@ -49,6 +56,7 @@ with lib;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${configDir}";
|
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${configDir}";
|
||||||
ExecStart = "${cfg.package}/bin/syndicate-server --config ${configDir}";
|
ExecStart = "${cfg.package}/bin/syndicate-server --config ${configDir}";
|
||||||
|
Group = cfg.group;
|
||||||
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
|
|
Loading…
Reference in New Issue