nixos/murmur: support setting user and group for service
DCsunset committed Oct 16, 2024
1 parent ceb908a commit c554357
Showing 1 changed file with 24 additions and 6 deletions.
30 changes: 24 additions & 6 deletions nixos/modules/services/networking/murmur.nix
@@ -69,6 +69,24 @@ in
'';
};

user = mkOption {
type = types.str;
default = "murmur";
description = ''
The name of an existing user to use to run the service.
If not specified, the default user will be created.
'';
};

group = mkOption {
type = types.str;
default = "murmur";
description = ''
The name of an existing group to use to run the service.
If not specified, the default group will be created.
'';
};

stateDir = mkOption {
type = types.str;
default = "/var/lib/murmur";
@@ -297,14 +315,14 @@ in
};

config = mkIf cfg.enable {
users.users.murmur = {
users.users.murmur = mkIf (cfg.user == "murmur") {
description = "Murmur Service user";
home = cfg.stateDir;
createHome = true;
uid = config.ids.uids.murmur;
group = "murmur";
group = cfg.group;
};
users.groups.murmur = {
users.groups.murmur = mkIf (cfg.group == "murmur") {
gid = config.ids.gids.murmur;
};

@@ -332,8 +350,8 @@ in
Restart = "always";
RuntimeDirectory = "murmur";
RuntimeDirectoryMode = "0700";
User = "murmur";
Group = "murmur";
User = cfg.user;
Group = cfg.group;

# service hardening
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
@@ -370,7 +388,7 @@ in
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="murmur">
<policy user="${cfg.user}">
<allow own="net.sourceforge.mumble.murmur"/>
</policy>
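Review bot: In the `config` hunk, `home = cfg.stateDir;` and `createHome = true;` now sit under `mkIf (cfg.user == "murmur")`, so with a custom `user` nothing visible here creates the state directory or hands it to that account, while the unit still starts with `User = cfg.user`. The rest of the module is outside the shown hunks, so this may already be handled; if it is not, a rule such as `systemd.tmpfiles.rules = [ "d ${cfg.stateDir} 0700 ${cfg.user} ${cfg.group} -" ];` would keep the directory private to whichever account is chosen. An existing directory owned by `murmur` would also need its contents re-owned when switching accounts, which the option descriptions could mention. Separately, `<policy user="${cfg.user}">` places a free-form `types.str` into the D-Bus policy XML; `<policy user="${escapeXML cfg.user}">` or a stricter option type would keep a stray quote from altering the policy.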