From f90b3dcf05249f88063f8023cea2c9849ca4a1e6 Mon Sep 17 00:00:00 2001 From: Nadrieril Date: Wed, 27 Sep 2017 15:53:12 +0100 Subject: [PATCH 1/5] firefox.syncserver service: No need for configurable user --- .../networking/firefox/sync-server.nix | 39 ++++++------------- 1 file changed, 12 insertions(+), 27 deletions(-) diff --git a/nixos/modules/services/networking/firefox/sync-server.nix b/nixos/modules/services/networking/firefox/sync-server.nix index a9f3fd65d76b..974914ebe1eb 100644 --- a/nixos/modules/services/networking/firefox/sync-server.nix +++ b/nixos/modules/services/networking/firefox/sync-server.nix @@ -70,18 +70,6 @@ in ''; }; - user = mkOption { - type = types.str; - default = "syncserver"; - description = "User account under which syncserver runs."; - }; - - group = mkOption { - type = types.str; - default = "syncserver"; - description = "Group account under which syncserver runs."; - }; - publicUrl = mkOption { type = types.str; default = "http://localhost:5000/"; @@ -138,6 +126,8 @@ in systemd.services.syncserver = let syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript ]); + user = "syncserver"; + group = "syncserver"; in { after = [ "network.target" ]; description = "Firefox Sync Server"; @@ -145,8 +135,8 @@ in path = [ pkgs.coreutils syncServerEnv ]; serviceConfig = { - User = cfg.user; - Group = cfg.group; + User = user; + Group = group; PermissionsStartOnly = true; }; 
@@ -156,32 +146,27 @@ in echo > ${cfg.privateConfig} '[syncserver]' echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')" fi - chown ${cfg.user}:${cfg.group} ${cfg.privateConfig} + chown ${user}:${group} ${cfg.privateConfig} '' + optionalString (cfg.sqlUri == defaultSqlUri) '' if ! test -e $(dirname ${defaultDbLocation}); then mkdir -m 700 -p $(dirname ${defaultDbLocation}) - chown ${cfg.user}:${cfg.group} $(dirname ${defaultDbLocation}) + chown ${user}:${group} $(dirname ${defaultDbLocation}) fi # Move previous database file if it exists oldDb="/var/db/firefox-sync-server.db" if test -f $oldDb; then mv $oldDb ${defaultDbLocation} - chown ${cfg.user}:${cfg.group} ${defaultDbLocation} + chown ${user}:${group} ${defaultDbLocation} fi ''; serviceConfig.ExecStart = "${syncServerEnv}/bin/paster serve ${syncServerIni}"; }; - users.extraUsers = optionalAttrs (cfg.user == "syncserver") - (singleton { - name = "syncserver"; - group = cfg.group; - isSystemUser = true; - }); + users.users.syncserver = { + group = "syncserver"; + isSystemUser = true; + }; - users.extraGroups = optionalAttrs (cfg.group == "syncserver") - (singleton { - name = "syncserver"; - }); + users.groups.syncserver = {}; }; } From 573719e32899aa2f8ec2f850b6d8ec56597e1718 Mon Sep 17 00:00:00 2001 From: Nadrieril Date: Wed, 27 Sep 2017 15:59:38 +0100 Subject: [PATCH 2/5] firefox.syncserver service: Fix permissions --- nixos/modules/services/networking/firefox/sync-server.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/firefox/sync-server.nix b/nixos/modules/services/networking/firefox/sync-server.nix index 974914ebe1eb..c0b1673b6c34 100644 --- a/nixos/modules/services/networking/firefox/sync-server.nix +++ b/nixos/modules/services/networking/firefox/sync-server.nix 
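Review bot: With the account now fixed to syncserver, the `chown ${user}:${group} $(dirname ${defaultDbLocation})` in this hunk still runs only inside the `if ! test -e` guard, so an existing state directory keeps whatever owner it already had. A host that previously set the removed `user`/`group` options would presumably be left with a database directory the new account cannot open, and nothing visible in the series migrates it or mentions it in release notes. Either document the one-time `chown` for upgraders or apply the directory ownership outside the existence check. The preStart script begins outside this hunk.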
@@ -142,16 +142,21 @@ in preStart = '' if ! test -e ${cfg.privateConfig}; then - mkdir -m 700 -p $(dirname ${cfg.privateConfig}) + mkdir -p $(dirname ${cfg.privateConfig}) echo > ${cfg.privateConfig} '[syncserver]' + chmod 600 ${cfg.privateConfig} echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')" fi + chmod 600 ${cfg.privateConfig} + chmod 755 $(dirname ${cfg.privateConfig}) chown ${user}:${group} ${cfg.privateConfig} + '' + optionalString (cfg.sqlUri == defaultSqlUri) '' if ! test -e $(dirname ${defaultDbLocation}); then mkdir -m 700 -p $(dirname ${defaultDbLocation}) chown ${user}:${group} $(dirname ${defaultDbLocation}) fi + # Move previous database file if it exists oldDb="/var/db/firefox-sync-server.db" if test -f $oldDb; then From 8851ef84c8a8963b6ad13bf4c2318fe48bfcd3ab Mon Sep 17 00:00:00 2001 From: Nadrieril Date: Wed, 27 Sep 2017 16:03:18 +0100 Subject: [PATCH 3/5] firefox.syncserver service: Add nadrieril to maintainers --- lib/maintainers.nix | 1 + nixos/modules/services/networking/firefox/sync-server.nix | 2 ++ 2 files changed, 3 insertions(+) diff --git a/lib/maintainers.nix b/lib/maintainers.nix index de8627b0804a..242372ef3a7b 100644 --- a/lib/maintainers.nix +++ b/lib/maintainers.nix @@ -446,6 +446,7 @@ mudri = "James Wood "; muflax = "Stefan Dorn "; myrl = "Myrl Hex "; + nadrieril = "Nadrieril Feneanar "; namore = "Roman Naumann "; nand0p = "Fernando Jose Pando "; Nate-Devv = "Nathan Moore "; diff --git a/nixos/modules/services/networking/firefox/sync-server.nix b/nixos/modules/services/networking/firefox/sync-server.nix index c0b1673b6c34..1a660ccd0559 100644 --- a/nixos/modules/services/networking/firefox/sync-server.nix +++ b/nixos/modules/services/networking/firefox/sync-server.nix @@ -33,6 +33,8 @@ let in { + meta.maintainers = with lib.maintainers; [ nadrieril ]; + options = { services.firefox.syncserver = { enable = mkOption { From ae416b47cf2a2185747cf1540b4e14ff1b6b49a8 Mon Sep 17 00:00:00 2001 
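Review bot: The added `chmod 755 $(dirname ${cfg.privateConfig})` runs on every start against the parent of a configurable path, so pointing `privateConfig` into a deliberately restricted directory gets that directory widened each time the unit starts (preStart presumably runs as root, given `PermissionsStartOnly = true` in the earlier patch). Inside the `if`, the file is still created by `echo >` under the ambient umask before `chmod 600` is applied. Now that the parent is no longer created with `-m 700`, another local account could open the file in that window and later read the appended secret through the descriptor it holds. Creating the file restricted from the start, e.g. `(umask 077; echo > ${cfg.privateConfig} '[syncserver]')`, and limiting the directory `chmod` to a directory the script itself has just created would address both. The expansions are also unquoted, so a path containing whitespace would be split by the shell; the script continues outside the hunk.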
From: Nadrieril Date: Thu, 19 Oct 2017 23:22:10 +0100 Subject: [PATCH 4/5] firefox.syncserver service: Fix missing dependency --- nixos/modules/services/networking/firefox/sync-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/networking/firefox/sync-server.nix b/nixos/modules/services/networking/firefox/sync-server.nix index 1a660ccd0559..97d223a56cab 100644 --- a/nixos/modules/services/networking/firefox/sync-server.nix +++ b/nixos/modules/services/networking/firefox/sync-server.nix @@ -127,7 +127,7 @@ in config = mkIf cfg.enable { systemd.services.syncserver = let - syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript ]); + syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript requests ]); user = "syncserver"; group = "syncserver"; in { From 9f5d779641389e135fda838e5559eca09edd4cff Mon Sep 17 00:00:00 2001 From: Nadrieril Date: Fri, 8 Dec 2017 22:23:14 +0000 Subject: [PATCH 5/5] Mark services.firefox.syncserver.{user,group} as removed --- nixos/modules/rename.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index eb10d4f428be..473a832c6500 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -198,6 +198,8 @@ with lib; "See the 16.09 release notes for more information.") (mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "") (mkRemovedOptionModule [ "services" "dovecot2" "package" ] "") + (mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "") + (mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "") (mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "") (mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ] "Set the option `services.xserver.displayManager.sddm.package' instead.")
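Review bot: Both added `mkRemovedOptionModule` entries in rename.nix pass an empty explanation, so a configuration that still sets `services.firefox.syncserver.user` or `.group` fails evaluation without being told what replaced them. A short message such as `"The service now always runs as the syncserver user and group."` would make the failure self-explanatory, which matters most to anyone who had set a dedicated account for isolation. The neighbouring entries use the same empty string, so this is a wording suggestion rather than a defect; the list continues outside the hunk.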