From e2426336691d27cc926f30e1b8f9114ebe4e911b Mon Sep 17 00:00:00 2001 From: Bernardo Meurer Date: Wed, 4 Aug 2021 10:55:12 -0700 Subject: [PATCH] nixos/hqplayerd: remove configurable user/group The service is adamant that it must run under the right user, so let's just enforce it. --- nixos/modules/services/audio/hqplayerd.nix | 32 ++++++---------------- 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/nixos/modules/services/audio/hqplayerd.nix b/nixos/modules/services/audio/hqplayerd.nix index 7d221e5b6dea..be1d48494857 100644 --- a/nixos/modules/services/audio/hqplayerd.nix +++ b/nixos/modules/services/audio/hqplayerd.nix @@ -56,22 +56,6 @@ in Open TCP port 8088 in the firewall for the server. ''; }; - - user = mkOption { - type = types.str; - default = "hqplayer"; - description = '' - User account under which hqplayerd runs. - ''; - }; - - group = mkOption { - type = types.str; - default = "hqplayer"; - description = '' - Group account under which hqplayerd runs. - ''; - }; }; }; @@ -100,9 +84,9 @@ in systemd = { tmpfiles.rules = [ - "d ${configDir} 0755 ${cfg.user} ${cfg.group} - -" - "d ${stateDir} 0755 ${cfg.user} ${cfg.group} - -" - "d ${stateDir}/home 0755 ${cfg.user} ${cfg.group} - -" + "d ${configDir} 0755 hqplayer hqplayer - -" + "d ${stateDir} 0755 hqplayer hqplayer - -" + "d ${stateDir}/home 0755 hqplayer hqplayer - -" ]; services.hqplayerd = { @@ -130,8 +114,8 @@ in serviceConfig = { ExecStart = "${pkg}/bin/hqplayerd"; - User = cfg.user; - Group = cfg.group; + User = "hqplayer"; + Group = "hqplayer"; Restart = "on-failure"; RestartSec = 5; @@ -145,15 +129,15 @@ in }; }; - users.groups = mkIf (cfg.group == "hqplayer") { + users.groups = { hqplayer.gid = config.ids.gids.hqplayer; }; - users.users = mkIf (cfg.user == "hqplayer") { + users.users = { hqplayer = { description = "hqplayer daemon user"; extraGroups = [ "audio" ]; - group = cfg.group; + group = "hqplayer"; uid = config.ids.uids.hqplayer; }; };