lheckemann/binary-cache
0
0
Fork 0
forked from yu-re-ka/binary-cache
Code Pull requests Activity

fix(module): disable dynamicuser again

Browse source
This commit is contained in:
Yureka 2024-07-22 02:23:15 +02:00
parent 2b485d822c
commit 8e3c7f0efc
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
modules/default.nix
View file

@ -127,6 +127,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.tvix ]; environment.systemPackages = [ pkgs.tvix ];
users.users.tvix-castore = { };
users.groups.tvix-castore = { }; users.groups.tvix-castore = { };
systemd.tmpfiles.rules = [ "d ${cfg.castoreDir} 770 root tvix-castore -" ]; systemd.tmpfiles.rules = [ "d ${cfg.castoreDir} 770 root tvix-castore -" ];
@ -143,7 +144,7 @@ in
ExecStart = "${pkgs.tvix}/bin/tvix-store --otlp=false daemon --listen-address=\"${cache.grpcListenAddress}\""; ExecStart = "${pkgs.tvix}/bin/tvix-store --otlp=false daemon --listen-address=\"${cache.grpcListenAddress}\"";
StateDirectory = "tvix-daemon-${cache.name}"; StateDirectory = "tvix-daemon-${cache.name}";
RuntimeDirectory = "tvix-daemon-${cache.name}"; RuntimeDirectory = "tvix-daemon-${cache.name}";
DynamicUser = true; User = "tvix-castore";
Group = "tvix-castore"; Group = "tvix-castore";
ReadWritePaths = cfg.castoreDir; ReadWritePaths = cfg.castoreDir;
} // systemdHardening; } // systemdHardening;
@ -158,7 +159,7 @@ in
serviceConfig = { serviceConfig = {
UMask = "007"; UMask = "007";
ExecStart = "${pkgs.tvix}/bin/nar-bridge --otlp=false --listen-address=\"${cache.narBridgeListenAddress}\""; ExecStart = "${pkgs.tvix}/bin/nar-bridge --otlp=false --listen-address=\"${cache.narBridgeListenAddress}\"";
DynamicUser = true; User = "tvix-castore";
Group = "tvix-castore"; Group = "tvix-castore";
RuntimeDirectory = "narbridge-${cache.name}"; RuntimeDirectory = "narbridge-${cache.name}";
ReadWritePaths = cfg.castoreDir; ReadWritePaths = cfg.castoreDir;