diff options
author | euxane <euxane.trangirard@pacien.net> | 2024-05-29 20:42:27 +0200 |
---|---|---|
committer | euxane <euxane.trangirard@pacien.net> | 2024-05-30 00:40:12 +0200 |
commit | 6ee84bcda0a817434597dba0e5789cc8b7232d58 (patch) | |
tree | 163dbd43d1487fda384986d081f33894795401ab /nixos | |
parent | 1777f0649490c45819933639cd2a46ed4e4f99b6 (diff) |
nixos/stalwart-mail: do not use DynamicUser
This service stores a large number of files for its blob store and some of its databases. This is not compatible with `DynamicUser`, which `chown`s everything in the state directory every time the service is started. Therefore, we now use a static system user and group instead. See https://github.com/NixOS/nixpkgs/pull/313634#discussion_r1609960417
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/mail/stalwart-mail.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/stalwart-mail.nix b/nixos/modules/services/mail/stalwart-mail.nix index 68606698e59f1..7dd22ad92b439 100644 --- a/nixos/modules/services/mail/stalwart-mail.nix +++ b/nixos/modules/services/mail/stalwart-mail.nix @@ -48,6 +48,18 @@ in { ]; }; + # This service stores a potentially large amount of data. + # Running it as a dynamic user would force chown to be run everytime the + # service is restarted on a potentially large number of files. + # That would cause unnecessary and unwanted delays. + users = { + groups.stalwart-mail = { }; + users.stalwart-mail = { + isSystemUser = true; + group = "stalwart-mail"; + }; + }; + systemd.services.stalwart-mail = { wantedBy = [ "multi-user.target" ]; after = [ "local-fs.target" "network.target" ]; @@ -71,8 +83,8 @@ in { StandardError = "journal"; SyslogIdentifier = "stalwart-mail"; - DynamicUser = true; User = "stalwart-mail"; + Group = "stalwart-mail"; StateDirectory = "stalwart-mail"; # Bind standard privileged ports |