From bd7e4a319328da315222d9c37b3629d7a9566621 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Sun, 26 Dec 2021 19:00:59 +0000 Subject: [PATCH] Fix service uid/gids --- configuration/ids.nix | 6 ++++++ configuration/services/minecraft.nix | 15 ++++++++++++--- configuration/services/webserver.nix | 18 ++++++++++-------- 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/configuration/ids.nix b/configuration/ids.nix index 895b976..5488ff0 100644 --- a/configuration/ids.nix +++ b/configuration/ids.nix @@ -4,6 +4,12 @@ ids.uids = { # System user ids start at 400 (see nixos/modules/programs/shadow.nix) webserver = 400; + minecraft = 401; # The limit is 999 }; + + ids.gids = { + webserver = 400; + minecraft = 401; + }; } diff --git a/configuration/services/minecraft.nix b/configuration/services/minecraft.nix index bf8f58f..23705ac 100644 --- a/configuration/services/minecraft.nix +++ b/configuration/services/minecraft.nix @@ -54,6 +54,16 @@ in { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "forge-server" ]; + users = { + extraUsers.minecraft = { + uid = config.ids.uids.minecraft; + group = config.users.extraGroups.minecraft.name; + isSystemUser = true; + description = "Minecraft server user"; + }; + extraGroups.minecraft = { gid = config.ids.gids.minecraft; }; + }; + virtualisation.oci-containers.containers.minecraft-voor-kia = let properties = ./configs/minecraft/voor-kia/server.properties; icon = ./configs/minecraft/voor-kia/server-icon.png; @@ -73,9 +83,8 @@ in { ]; config = let - # Use the upstream minecraft uid - uid = toString config.ids.uids.minecraft; - gid = toString config.users.groups.nogroup.gid; + uid = toString config.users.extraUsers.minecraft.uid; + gid = toString config.users.extraGroups.minecraft.gid; in { Cmd = [ "forge-server" ] ++ minecraft-server-args; WorkingDir = "/var/lib/minecraft"; 
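Review bot: The new `ids.gids` block has no comment on its valid range, while `ids.uids` documents both ends (starts at 400, limit 999). As far as I know NixOS also allocates ids from this same system range dynamically for users and groups that have no fixed id, so a hard-coded 400 or 401 could coincide with an id already handed out on an existing host. A collision would leave two accounts sharing file ownership on disk. I would add a comment such as `# System group ids share the 400-999 range with uids; keep each service's uid and gid equal and check the host for ids already in use`. The enclosing attribute set starts above the hunk.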
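Review bot: Style point on the added `users = { extraUsers.minecraft … extraGroups.minecraft … }` block: `users.extraUsers` and `users.extraGroups` are, to my knowledge, the older alias names for `users.users` and `users.groups`. The line removed in the next hunk already read `config.users.groups`, so the file now mixes both spellings historically. I would write `users.users.minecraft = { … };` and `users.groups.minecraft = { gid = config.ids.gids.minecraft; };`, and read them back as `config.users.users.minecraft.uid` and `config.users.groups.minecraft.gid`. The same applies to both hunks of configuration/services/webserver.nix.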
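Review bot: Nothing visible in the patch re-owns data written under the old ids, yet these two `let` bindings change the numeric gid the container runs as (it previously came from `nogroup`), and the uid apparently moves from the upstream value to 401. If `/var/lib/minecraft` is backed by a persistent volume (the volume definition is outside the hunk), the server may be unable to write its existing files, and those files stay group-owned by the shared `nogroup` gid. A one-off `chown -R minecraft:minecraft <host volume path>` at deploy time, or a comment here recording that it is required, would close that gap. The webserver container in configuration/services/webserver.nix gets the same change and declares a `/srv/mail` volume, so the same check applies there. The `config` attribute set continues past the end of the hunk.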
diff --git a/configuration/services/webserver.nix b/configuration/services/webserver.nix index c1966a5..d72b417 100644 --- a/configuration/services/webserver.nix +++ b/configuration/services/webserver.nix @@ -1,10 +1,14 @@ { config, pkgs, ... }: { - users.extraUsers.webserver = { - uid = config.ids.uids.webserver; - isSystemUser = true; - description = "tlater.net web server user"; + users = { + extraUsers.webserver = { + uid = config.ids.uids.webserver; + group = config.users.extraGroups.webserver.name; + isSystemUser = true; + description = "tlater.net web server user"; + }; + extraGroups.webserver = { gid = config.ids.gids.webserver; }; }; virtualisation.oci-containers.containers.webserver = { @@ -16,10 +20,8 @@ contents = pkgs.tlaternet-webserver.webserver; config = let - user = config.users.extraUsers.webserver; - group = config.users.groups.${user.group}; - uid = toString user.uid; - gid = toString group.gid; + uid = toString config.users.extraUsers.webserver.uid; + gid = toString config.users.extraGroups.webserver.gid; in { Cmd = [ "tlaternet-webserver" ]; Volumes = { "/srv/mail" = { }; };