ops/nixos: create permanent quotesdb user
Stop relying on DynamicUser because it messes a bit with postgres' auth.
This commit is contained in:
parent
3318874168
commit
8cc6e2001a
1 changed files with 7 additions and 1 deletions
|
@ -75,6 +75,12 @@ in
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.quotesdb = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "nginx";
|
||||||
|
};
|
||||||
|
users.groups.quotesdb = {};
|
||||||
|
|
||||||
systemd.services.quotesdb = {
|
systemd.services.quotesdb = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
@ -86,7 +92,7 @@ in
|
||||||
EnvironmentFile = secrets.quotesdb.environment;
|
EnvironmentFile = secrets.quotesdb.environment;
|
||||||
RuntimeDirectory = "quotesdb";
|
RuntimeDirectory = "quotesdb";
|
||||||
ExecStart = "${pkg}/bin/quotes --workers 3 --bind unix:${sock}";
|
ExecStart = "${pkg}/bin/quotes --workers 3 --bind unix:${sock}";
|
||||||
DynamicUser = true;
|
User = "quotesdb";
|
||||||
Group = "nginx";
|
Group = "nginx";
|
||||||
UMask = "0007";
|
UMask = "0007";
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue