pyrox.dev / nixpkgs
lol
fork atom

radicale service: run with dedicated user

This is done in the context of #11908.

Pascal Wittmann a491b755 097e20cc

options
unified split
Changed files
+17
nixos
modules
misc
ids.nix
services
networking
radicale.nix
+2
nixos/modules/misc/ids.nix 
···

       
255

       
255

       
 

       
      avahi-autoipd = 231;


     

       
256

       
256

       
 

       
      nntp-proxy = 232;


     

       
257

       
257

       
 

       
      mjpg-streamer = 233;


     

       

       
258

       
+

       
      radicale = 234;


     

       
258

       
259

       
 

       



     

       
259

       
260

       
 

       
      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!


     

       
260

       
261

       
 

       



     
···

       
483

       
484

       
 

       
      cfdyndns = 227;


     

       
484

       
485

       
 

       
      pdnsd = 229;


     

       
485

       
486

       
 

       
      octoprint = 230;


     

       

       
487

       
+

       
      radicale = 234;


     

       
486

       
488

       
 

       



     

       
487

       
489

       
 

       
      # When adding a gid, make sure it doesn't match an existing


     

       
488

       
490

       
 

       
      # uid. Users and groups with the same name should have equal
+15
nixos/modules/services/networking/radicale.nix 
···

       
35

       
35

       
 

       
  config = mkIf cfg.enable {


     

       
36

       
36

       
 

       
    environment.systemPackages = [ pkgs.pythonPackages.radicale ];


     

       
37

       
37

       
 

       



     

       

       
38

       
+

       
    users.extraUsers = singleton


     

       

       
39

       
+

       
      { name = "radicale";


     

       

       
40

       
+

       
        uid = config.ids.uids.radicale;


     

       

       
41

       
+

       
        description = "radicale user";


     

       

       
42

       
+

       
        home = "/var/lib/radicale";


     

       

       
43

       
+

       
        createHome = true;


     

       

       
44

       
+

       
      };


     

       

       
45

       
+

       



     

       

       
46

       
+

       
    users.extraGroups = singleton


     

       

       
47

       
+

       
      { name = "radicale";


     

       

       
48

       
+

       
        gid = config.ids.gids.radicale;


     

       

       
49

       
+

       
      };


     

       

       
50

       
+

       



     

       
38

       
51

       
 

       
    systemd.services.radicale = {


     

       
39

       
52

       
 

       
      description = "A Simple Calendar and Contact Server";


     

       
40

       
53

       
 

       
      after = [ "network-interfaces.target" ];


     

       
41

       
54

       
 

       
      wantedBy = [ "multi-user.target" ];


     

       
42

       
55

       
 

       
      script = "${pkgs.pythonPackages.radicale}/bin/radicale -C ${confFile} -d";


     

       
43

       
56

       
 

       
      serviceConfig.Type = "forking";


     

       

       
57

       
+

       
      serviceConfig.User = "radicale";


     

       

       
58

       
+

       
      serviceConfig.Group = "radicale";


     

       
44

       
59

       
 

       
    };


     

       
45

       
60

       
 

       
  };


     

       
46

       
61

       
 

       
}