From 9d251d8b21229c1bc307d87e3258e90bdf0968bb Mon Sep 17 00:00:00 2001
From: Aaron Andersen
Date: Wed, 22 May 2019 21:07:08 -0400
Subject: [PATCH] nixos/gitea: define a gitea group to avoid "nogroup" ownership

---
 nixos/modules/services/misc/gitea.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
index 5f654230bf4c..b3b7ec10e6ea 100644
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -304,6 +304,10 @@ in
 ];
 };
 
+ systemd.tmpfiles.rules = [
+ "Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
+ ];
+
 systemd.services.gitea = {
 description = "gitea";
 after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
@@ -363,6 +367,7 @@ in
 serviceConfig = {
 Type = "simple";
 User = cfg.user;
+ Group = "gitea";
 WorkingDirectory = cfg.stateDir;
 PermissionsStartOnly = true;
 ExecStart = "${gitea.bin}/bin/gitea web";
@@ -376,15 +381,18 @@ in
 };
 };
 
- users = mkIf (cfg.user == "gitea") {
- users.gitea = {
+ users.users = mkIf (cfg.user == "gitea") {
+ gitea = {
 description = "Gitea Service";
 home = cfg.stateDir;
 createHome = true;
 useDefaultShell = true;
+ group = "gitea";
 };
 };
 
+ users.groups.gitea = {};
+
 warnings = optional (cfg.database.password != "") ''config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead.'';
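Review bot: The tmpfiles rule added in the `@@ -304,6 +304,10 @@` hunk leaves the mode field as `-`, so the commit fixes who owns `cfg.stateDir` but still does not decide what the group or other local accounts may read there. That directory is also the service account's home (`home = cfg.stateDir` in the last hunk) and presumably holds the repositories and application config, so if nothing outside the service needs to read it, pin the top-level mode with a non-recursive line ahead of the `Z` entry, e.g. `"d '${cfg.stateDir}' 0750 ${cfg.user} gitea - -"`. The `Z` type also re-applies ownership recursively, as root, on every tmpfiles run over a tree the service user can write to; a comment such as `# Z: one-time fix-up of files previously owned by nogroup` would tell the next reader why the recursive form is there and when it can be dropped.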
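Review bot: In the `@@ -376,15 +381,18 @@` hunk `users.groups.gitea = {};` is declared unconditionally, while the user definition just above it stays behind `mkIf (cfg.user == "gitea")`. When `cfg.user` is overridden, the unit still runs with `Group = "gitea"` and the tmpfiles rule still assigns the state directory to group `gitea`, yet nothing visible in this patch makes the operator's account a member of that group. If this is intended, state it next to the declaration, e.g. `# group is fixed even when cfg.user is overridden; state files are always group-owned by gitea`. The literal `"gitea"` is now repeated in the tmpfiles rule, in `serviceConfig.Group` and here, so a single `let` binding would keep the three from drifting apart; the enclosing `config` attribute set begins outside this hunk.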