nixos/geoclue2: don't run as root

2024-11-20 00:53:12 +03:00 · 2019-05-19 18:53:18 -04:00 · 2019-05-19 18:53:18 -04:00 · 82135b6c81
commit 82135b6c81
parent 3f488fd36b
2 changed files with 14 additions and 0 deletions
--- a/nixos/modules/services/desktops/geoclue2.nix
+++ b/nixos/modules/services/desktops/geoclue2.nix
@ -188,6 +188,19 @@ in

    systemd.packages = [ package ];

+    users.users.geoclue = {
+      isSystemUser = true;
+      home = "/var/lib/geoclue";
+      group = "geoclue";
+      description = "Geoinformation service";
+    };
+
+    users.groups.geoclue = {};
+
+    systemd.tmpfiles.rules = [
+      "d /var/lib/geoclue 0755 geoclue geoclue"
+    ];
+
    # restart geoclue service when the configuration changes
    systemd.services."geoclue".restartTriggers = [
      config.environment.etc."geoclue/geoclue.conf".source
--- a/pkgs/development/libraries/geoclue/default.nix
+++ b/pkgs/development/libraries/geoclue/default.nix
@ -42,6 +42,7 @@ stdenv.mkDerivation rec {
    "-Ddemo-agent=${if withDemoAgent then "true" else "false"}"
    "--sysconfdir=/etc"
    "-Dsysconfdir_install=${placeholder "out"}/etc"
+    "-Ddbus-srv-user=geoclue"
  ] ++ optionals stdenv.isDarwin [
    "-D3g-source=false"
    "-Dcdma-source=false"