Fix service uid/gids

2021-12-26 19:00:59 +00:00 · 2021-12-26 19:00:59 +00:00 · bd7e4a3193
commit bd7e4a3193
parent 9060cb6414
3 changed files with 28 additions and 11 deletions
--- a/configuration/ids.nix
+++ b/configuration/ids.nix
@ -4,6 +4,12 @@
  ids.uids = {
    # System user ids start at 400 (see nixos/modules/programs/shadow.nix)
    webserver = 400;
+    minecraft = 401;
    # The limit is 999
  };
+
+  ids.gids = {
+    webserver = 400;
+    minecraft = 401;
+  };
 }
--- a/configuration/services/minecraft.nix
+++ b/configuration/services/minecraft.nix
@ -54,6 +54,16 @@ in {
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [ "forge-server" ];

+  users = {
+    extraUsers.minecraft = {
+      uid = config.ids.uids.minecraft;
+      group = config.users.extraGroups.minecraft.name;
+      isSystemUser = true;
+      description = "Minecraft server user";
+    };
+    extraGroups.minecraft = { gid = config.ids.gids.minecraft; };
+  };
+
  virtualisation.oci-containers.containers.minecraft-voor-kia = let
    properties = ./configs/minecraft/voor-kia/server.properties;
    icon = ./configs/minecraft/voor-kia/server-icon.png;
@ -73,9 +83,8 @@ in {
      ];

      config = let
-        # Use the upstream minecraft uid
-        uid = toString config.ids.uids.minecraft;
-        gid = toString config.users.groups.nogroup.gid;
+        uid = toString config.users.extraUsers.minecraft.uid;
+        gid = toString config.users.extraGroups.minecraft.gid;
      in {
        Cmd = [ "forge-server" ] ++ minecraft-server-args;
        WorkingDir = "/var/lib/minecraft";
--- a/configuration/services/webserver.nix
+++ b/configuration/services/webserver.nix
@ -1,11 +1,15 @@
 { config, pkgs, ... }:

 {
-  users.extraUsers.webserver = {
+  users = {
+    extraUsers.webserver = {
      uid = config.ids.uids.webserver;
+      group = config.users.extraGroups.webserver.name;
      isSystemUser = true;
      description = "tlater.net web server user";
    };
+    extraGroups.webserver = { gid = config.ids.gids.webserver; };
+  };

  virtualisation.oci-containers.containers.webserver = {
    image = "tlaternet/webserver";
@ -16,10 +20,8 @@
      contents = pkgs.tlaternet-webserver.webserver;

      config = let
-        user = config.users.extraUsers.webserver;
-        group = config.users.groups.${user.group};
-        uid = toString user.uid;
-        gid = toString group.gid;
+        uid = toString config.users.extraUsers.webserver.uid;
+        gid = toString config.users.extraGroups.webserver.gid;
      in {
        Cmd = [ "tlaternet-webserver" ];
        Volumes = { "/srv/mail" = { }; };