authoreuxane <euxane.trangirard@pacien.net>2024-05-29 20:42:27 +0200
committereuxane <euxane.trangirard@pacien.net>2024-05-30 00:40:12 +0200
commit6ee84bcda0a817434597dba0e5789cc8b7232d58 (patch)
tree163dbd43d1487fda384986d081f33894795401ab /nixos
parent1777f0649490c45819933639cd2a46ed4e4f99b6 (diff)
nixos/stalwart-mail: do not use DynamicUser
This service stores a large number of files for its blob store and some
of its databases. This is not compatible with `DynamicUser`, which
`chown`s everything in the state directory every time the service is
started. Therefore, we now use a static system user and group instead.

See https://github.com/NixOS/nixpkgs/pull/313634#discussion_r1609960417
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/mail/stalwart-mail.nix14
1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/stalwart-mail.nix b/nixos/modules/services/mail/stalwart-mail.nix
index 68606698e59f1..7dd22ad92b439 100644
--- a/nixos/modules/services/mail/stalwart-mail.nix
+++ b/nixos/modules/services/mail/stalwart-mail.nix
@@ -48,6 +48,18 @@ in {
       ];
     };
 
+    # This service stores a potentially large amount of data.
+    # Running it as a dynamic user would force chown to be run everytime the
+    # service is restarted on a potentially large number of files.
+    # That would cause unnecessary and unwanted delays.
+    users = {
+      groups.stalwart-mail = { };
+      users.stalwart-mail = {
+        isSystemUser = true;
+        group = "stalwart-mail";
+      };
+    };
+
     systemd.services.stalwart-mail = {
       wantedBy = [ "multi-user.target" ];
       after = [ "local-fs.target" "network.target" ];
@@ -71,8 +83,8 @@ in {
         StandardError = "journal";
         SyslogIdentifier = "stalwart-mail";
 
-        DynamicUser = true;
         User = "stalwart-mail";
+        Group = "stalwart-mail";
         StateDirectory = "stalwart-mail";
 
         # Bind standard privileged ports
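Review bot: Removing `DynamicUser = true;` also removes the sandboxing that systemd implies with it (ProtectSystem=strict, ProtectHome=read-only, PrivateTmp, RemoveIPC, NoNewPrivileges, RestrictSUIDSGID), and this hunk adds only `Group`. The serviceConfig block continues past the end of the hunk, so these may already be set further down; if they are not, they should be set explicitly so the switch to a static user does not weaken the unit. The state directory also no longer sits under the root-only `/var/lib/private`, so with the default 0755 mode its top level becomes traversable by other local users. Adding `StateDirectoryMode = "0700";` next to `StateDirectory` would keep the mail store private.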