From 8cc6e2001ac310084a16926e8830eaa3a689ff4d Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 1 Jan 2022 21:49:23 +0000 Subject: [PATCH] ops/nixos: create permanent quotesdb user Stop relying on DynamicUser because it messes a bit with postgres' auth. --- ops/nixos/lib/quotes.bfob.gg.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ops/nixos/lib/quotes.bfob.gg.nix b/ops/nixos/lib/quotes.bfob.gg.nix index f8075c31d5..c89fecf2e4 100644 --- a/ops/nixos/lib/quotes.bfob.gg.nix +++ b/ops/nixos/lib/quotes.bfob.gg.nix @@ -75,6 +75,12 @@ in }]; }; + users.users.quotesdb = { + isSystemUser = true; + group = "nginx"; + }; + users.groups.quotesdb = {}; + systemd.services.quotesdb = { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -86,7 +92,7 @@ in EnvironmentFile = secrets.quotesdb.environment; RuntimeDirectory = "quotesdb"; ExecStart = "${pkg}/bin/quotes --workers 3 --bind unix:${sock}"; - DynamicUser = true; + User = "quotesdb"; Group = "nginx"; UMask = "0007"; };