Fix service uid/gids

This commit is contained in:
Tristan Daniël Maat 2021-12-26 19:00:59 +00:00
parent 9060cb6414
commit bd7e4a3193
Signed by: tlater
GPG key ID: 49670FD774E43268
3 changed files with 28 additions and 11 deletions

View file

@ -4,6 +4,12 @@
ids.uids = {
# System user ids start at 400 (see nixos/modules/programs/shadow.nix)
webserver = 400;
minecraft = 401;
# The limit is 999
};
ids.gids = {
webserver = 400;
minecraft = 401;
};
}

View file

@ -54,6 +54,16 @@ in {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ "forge-server" ];
users = {
extraUsers.minecraft = {
uid = config.ids.uids.minecraft;
group = config.users.extraGroups.minecraft.name;
isSystemUser = true;
description = "Minecraft server user";
};
extraGroups.minecraft = { gid = config.ids.gids.minecraft; };
};
virtualisation.oci-containers.containers.minecraft-voor-kia = let
properties = ./configs/minecraft/voor-kia/server.properties;
icon = ./configs/minecraft/voor-kia/server-icon.png;
@ -73,9 +83,8 @@ in {
];
config = let
# Use the upstream minecraft uid
uid = toString config.ids.uids.minecraft;
gid = toString config.users.groups.nogroup.gid;
uid = toString config.users.extraUsers.minecraft.uid;
gid = toString config.users.extraGroups.minecraft.gid;
in {
Cmd = [ "forge-server" ] ++ minecraft-server-args;
WorkingDir = "/var/lib/minecraft";

View file

@ -1,11 +1,15 @@
{ config, pkgs, ... }:
{
users.extraUsers.webserver = {
users = {
extraUsers.webserver = {
uid = config.ids.uids.webserver;
group = config.users.extraGroups.webserver.name;
isSystemUser = true;
description = "tlater.net web server user";
};
extraGroups.webserver = { gid = config.ids.gids.webserver; };
};
virtualisation.oci-containers.containers.webserver = {
image = "tlaternet/webserver";
@ -16,10 +20,8 @@
contents = pkgs.tlaternet-webserver.webserver;
config = let
user = config.users.extraUsers.webserver;
group = config.users.groups.${user.group};
uid = toString user.uid;
gid = toString group.gid;
uid = toString config.users.extraUsers.webserver.uid;
gid = toString config.users.extraGroups.webserver.gid;
in {
Cmd = [ "tlaternet-webserver" ];
Volumes = { "/srv/mail" = { }; };