fedd7cd690
This is slightly more verbose and inconvenient, but it forces you to think about what the wrapper ownership and permissions will be.
64 lines
1.5 KiB
Nix
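# NixOS module: runs WeeChat as a dedicated system user inside a detached
# `screen` session that is started by a systemd unit.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.weechat;
in

{
  options.services.weechat = {
    enable = mkEnableOption "weechat";

    # Used both as the weechat user's home and as WEECHAT_HOME for the unit.
    root = mkOption {
      description = "Weechat state directory.";
      type = types.str;
      default = "/var/lib/weechat";
    };

    # Passed to `screen -S` in the unit's start script.
    sessionName = mkOption {
      description = "Name of the `screen' session for weechat.";
      default = "weechat-screen";
      type = types.str;
    };

    # Program that screen launches; it runs as the weechat user.
    binary = mkOption {
      type = types.path;
      description = "Binary to execute (by default \${weechat}/bin/weechat).";
      example = literalExample ''
        ''${pkgs.weechat}/bin/weechat-headless
      '';
      default = "${pkgs.weechat}/bin/weechat";
    };
  };

  config = mkIf cfg.enable {
    # Dedicated system account and group; the home directory is the state
    # directory and is created on activation.
    users = {
      groups.weechat = {};
      users.weechat = {
        createHome = true;
        group = "weechat";
        home = cfg.root;
        isSystemUser = true;
      };
    };

    systemd.services.weechat = {
      environment.WEECHAT_HOME = cfg.root;
      serviceConfig = {
        # The unit itself runs unprivileged; only the screen wrapper below
        # is setuid.
        User = "weechat";
        Group = "weechat";
        RemainAfterExit = "yes";
      };
      # Both option values end up in a shell script, so they are quoted as
      # single shell words. Without quoting, a session name or path that
      # contains whitespace or shell metacharacters would be split or
      # interpreted by the shell instead of being handed to screen verbatim.
      script =
        let
          session = escapeShellArg cfg.sessionName;
          # Interpolate first so a Nix path value is turned into a string
          # exactly as it was before quoting was added.
          binary = escapeShellArg "${cfg.binary}";
        in
        "exec ${config.security.wrapperDir}/screen -Dm -S ${session} ${binary}";
      wantedBy = [ "multi-user.target" ];
      wants = [ "network.target" ];
    };

    # Setuid-root wrapper around screen, installed into
    # config.security.wrapperDir. Owner and group are stated explicitly.
    # NOTE(review): no `permissions` value is set here, so the wrappers
    # module default decides who may execute this binary. Confirm whether
    # that default lets every local account run a setuid-root screen, and
    # whether the service needs setuid at all; if it does, consider limiting
    # execution to the weechat group.
    security.wrappers.screen =
      { setuid = true;
        owner = "root";
        group = "root";
        source = "${pkgs.screen}/bin/screen";
      };
  };

  meta.doc = ./weechat.xml;
}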