ops/nixos: create permanent quotesdb user

Stop relying on DynamicUser because it messes a bit with postgres' auth.
This commit is contained in:
Luke Granger-Brown 2022-01-01 21:49:23 +00:00
parent 3318874168
commit 8cc6e2001a

View file

@ -75,6 +75,12 @@ in
}]; }];
}; };
users.users.quotesdb = {
isSystemUser = true;
group = "nginx";
};
users.groups.quotesdb = {};
systemd.services.quotesdb = { systemd.services.quotesdb = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
@ -86,7 +92,7 @@ in
EnvironmentFile = secrets.quotesdb.environment; EnvironmentFile = secrets.quotesdb.environment;
RuntimeDirectory = "quotesdb"; RuntimeDirectory = "quotesdb";
ExecStart = "${pkg}/bin/quotes --workers 3 --bind unix:${sock}"; ExecStart = "${pkg}/bin/quotes --workers 3 --bind unix:${sock}";
DynamicUser = true; User = "quotesdb";
Group = "nginx"; Group = "nginx";
UMask = "0007"; UMask = "0007";
}; };