tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 10 Pull requests Activity

Fix service uid/gids

Browse source
This commit is contained in:
Tristan Daniël Maat 2021-12-26 19:00:59 +00:00
parent 9060cb6414
commit bd7e4a3193
Signed by: tlater
GPG key ID: 49670FD774E43268
3 changed files with 28 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
configuration/ids.nix
View file

@ -4,6 +4,12 @@
ids.uids = { ids.uids = {
# System user ids start at 400 (see nixos/modules/programs/shadow.nix) # System user ids start at 400 (see nixos/modules/programs/shadow.nix)
webserver = 400; webserver = 400;
minecraft = 401;
# The limit is 999 # The limit is 999
}; };
ids.gids = {
webserver = 400;
minecraft = 401;
};
} }

15
configuration/services/minecraft.nix
View file

@ -54,6 +54,16 @@ in {
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ "forge-server" ]; builtins.elem (lib.getName pkg) [ "forge-server" ];
users = {
extraUsers.minecraft = {
uid = config.ids.uids.minecraft;
group = config.users.extraGroups.minecraft.name;
isSystemUser = true;
description = "Minecraft server user";
};
extraGroups.minecraft = { gid = config.ids.gids.minecraft; };
};
virtualisation.oci-containers.containers.minecraft-voor-kia = let virtualisation.oci-containers.containers.minecraft-voor-kia = let
properties = ./configs/minecraft/voor-kia/server.properties; properties = ./configs/minecraft/voor-kia/server.properties;
icon = ./configs/minecraft/voor-kia/server-icon.png; icon = ./configs/minecraft/voor-kia/server-icon.png;
@ -73,9 +83,8 @@ in {
]; ];
config = let config = let
# Use the upstream minecraft uid uid = toString config.users.extraUsers.minecraft.uid;
uid = toString config.ids.uids.minecraft; gid = toString config.users.extraGroups.minecraft.gid;
gid = toString config.users.groups.nogroup.gid;
in { in {
Cmd = [ "forge-server" ] ++ minecraft-server-args; Cmd = [ "forge-server" ] ++ minecraft-server-args;
WorkingDir = "/var/lib/minecraft"; WorkingDir = "/var/lib/minecraft";

12
configuration/services/webserver.nix
View file

@ -1,11 +1,15 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
users.extraUsers.webserver = { users = {
extraUsers.webserver = {
uid = config.ids.uids.webserver; uid = config.ids.uids.webserver;
group = config.users.extraGroups.webserver.name;
isSystemUser = true; isSystemUser = true;
description = "tlater.net web server user"; description = "tlater.net web server user";
}; };
extraGroups.webserver = { gid = config.ids.gids.webserver; };
};
virtualisation.oci-containers.containers.webserver = { virtualisation.oci-containers.containers.webserver = {
image = "tlaternet/webserver"; image = "tlaternet/webserver";
@ -16,10 +20,8 @@
contents = pkgs.tlaternet-webserver.webserver; contents = pkgs.tlaternet-webserver.webserver;
config = let config = let
user = config.users.extraUsers.webserver; uid = toString config.users.extraUsers.webserver.uid;
group = config.users.groups.${user.group}; gid = toString config.users.extraGroups.webserver.gid;
uid = toString user.uid;
gid = toString group.gid;
in { in {
Cmd = [ "tlaternet-webserver" ]; Cmd = [ "tlaternet-webserver" ];
Volumes = { "/srv/mail" = { }; }; Volumes = { "/srv/mail" = { }; };