author | Aaron Andersen <aaron@fosslib.net> | 2022-06-26 22:45:18 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-26 22:45:18 +0200 |
commit | 28562b800e6699df055946c2a6b7bf7449122d23 (patch) | |
tree | 2c308b9401ca52aaaf68deee382ae6e1cd6b3fec /nixos | |
parent | 50fdd2d827a416068196141dd8237ff422886f19 (diff) | |
parent | 078a53824e87e8616c447576f976bf05113d68a8 (diff) |
Merge pull request #178154 from aanderse/nixos/prosody
nixos/prosody: conditionally provision required directories with StateDirectory
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/prosody.nix | 79 |
1 files changed, 52 insertions, 27 deletions
diff --git a/nixos/modules/services/networking/prosody.nix b/nixos/modules/services/networking/prosody.nix
index 7920e4b263457..9e8db04e62241 100644
--- a/nixos/modules/services/networking/prosody.nix
+++ b/nixos/modules/services/networking/prosody.nix
@@ -511,8 +511,13 @@ in
 
 dataDir = mkOption {
 type = types.path;
- description = "Directory where Prosody stores its data";
 default = "/var/lib/prosody";
+ description = ''
+ The prosody home directory used to store all data. If left as the default value
+ this directory will automatically be created before the prosody server starts, otherwise
+ you are responsible for ensuring the directory exists with appropriate ownership
+ and permissions.
+ '';
 };
 
 disco_items = mkOption {
@@ -524,13 +529,29 @@ in
 user = mkOption {
 type = types.str;
 default = "prosody";
- description = "User account under which prosody runs.";
+ description = ''
+ User account under which prosody runs.
+
+ <note><para>
+ If left as the default value this user will automatically be created
+ on system activation, otherwise you are responsible for
+ ensuring the user exists before the prosody service starts.
+ </para></note>
+ '';
 };
 
 group = mkOption {
 type = types.str;
 default = "prosody";
- description = "Group account under which prosody runs.";
+ description = ''
+ Group account under which prosody runs.
+
+ <note><para>
+ If left as the default value this group will automatically be created
+ on system activation, otherwise you are responsible for
+ ensuring the group exists before the prosody service starts.
+ </para></note>
+ '';
 };
 
 allowRegistration = mkOption {
@@ -839,9 +860,8 @@ in
 users.users.prosody = mkIf (cfg.user == "prosody") {
 uid = config.ids.uids.prosody;
 description = "Prosody user";
- createHome = true;
 inherit (cfg) group;
- home = "${cfg.dataDir}";
+ home = cfg.dataDir;
 };
 
 users.groups.prosody = mkIf (cfg.group == "prosody") {
@@ -854,28 +874,33 @@ in
 wants = [ "network-online.target" ];
 wantedBy = [ "multi-user.target" ];
 restartTriggers = [ config.environment.etc."prosody/prosody.cfg.lua".source ];
- serviceConfig = {
- User = cfg.user;
- Group = cfg.group;
- Type = "forking";
- RuntimeDirectory = [ "prosody" ];
- PIDFile = "/run/prosody/prosody.pid";
- ExecStart = "${cfg.package}/bin/prosodyctl start";
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-
- MemoryDenyWriteExecute = true;
- PrivateDevices = true;
- PrivateMounts = true;
- PrivateTmp = true;
- ProtectControlGroups = true;
- ProtectHome = true;
- ProtectHostname = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- RestrictNamespaces = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- };
+ serviceConfig = mkMerge [
+ {
+ User = cfg.user;
+ Group = cfg.group;
+ Type = "forking";
+ RuntimeDirectory = [ "prosody" ];
+ PIDFile = "/run/prosody/prosody.pid";
+ ExecStart = "${cfg.package}/bin/prosodyctl start";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+ MemoryDenyWriteExecute = true;
+ PrivateDevices = true;
+ PrivateMounts = true;
+ PrivateTmp = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ }
+ (mkIf (cfg.dataDir == "/var/lib/prosody") {
+ StateDirectory = "prosody";
+ })
+ ];
 };
 };
|
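Review bot: `StateDirectory = "prosody"` lets systemd create /var/lib/prosody with its default `StateDirectoryMode` of 0755, so the top level of the directory the new option text calls the place "to store all data" becomes world-listable, which looks wider than what the removed `createHome = true` provisioned (the activation script used a 0700 home directory, if I remember it correctly). Since the branch already exists, pin the mode alongside it: `StateDirectoryMode = "0750";`. A secondary point is that the guard `cfg.dataDir == "/var/lib/prosody"` is a plain equality while `dataDir` is `types.path`, and in Nix a path literal such as `/var/lib/prosody` compares unequal to that string, so a user who writes the default as a path gets neither `StateDirectory` nor the auto-creation the description promises; `toString cfg.dataDir == "/var/lib/prosody"` would accept both spellings, though the module's `cfg.user == "prosody"` checks follow the same pattern and could be left as they are. The `systemd.services.prosody` attribute set this hunk edits starts above the hunk.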