nixos/tandoor-recipes: improve manage script

This is shamelessly stolen from Photoprism's module, and should allow executing the manage script without resorting to various tricks due to relying on transient users.
author: Bruno BELANYI <bruno@belanyi.fr> 2024-03-22 20:48:15 +0000
committer: Bruno BELANYI <bruno@belanyi.fr> 2024-03-22 20:54:36 +0000
commit: af6e25787827e25a87bb874362ad380a2cfab199 (patch)
tree: 7fd1bd92e6e05d93e51f7d208e2281fd80f761c8 /nixos
parent: 6b1e9f77f96d2e01073c85f586200df47793cc28 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/tandoor-recipes.nix b/nixos/modules/services/misc/tandoor-recipes.nix
index 1bdd7be406b9c..1b1fde78ad0a5 100644
--- a/nixos/modules/services/misc/tandoor-recipes.nix
+++ b/nixos/modules/services/misc/tandoor-recipes.nix
@@ -20,7 +20,10 @@ let
   manage = pkgs.writeShellScript "manage" ''
     set -o allexport # Export the following env vars
     ${lib.toShellVars env}
-    exec ${pkg}/bin/tandoor-recipes "$@"
+    eval "$(${config.systemd.package}/bin/systemctl show -pUID,GID,MainPID tandoor-recipes.service)"
+    exec ${pkgs.util-linux}/bin/nsenter \
+      -t $MainPID -m -S $UID -G $GID \
+      ${pkg}/bin/tandoor-recipes "$@"
   '';
 in
 {
author	Bruno BELANYI <bruno@belanyi.fr>	2024-03-22 20:48:15 +0000
committer	Bruno BELANYI <bruno@belanyi.fr>	2024-03-22 20:54:36 +0000
commit	af6e25787827e25a87bb874362ad380a2cfab199 (patch)
tree	7fd1bd92e6e05d93e51f7d208e2281fd80f761c8 /nixos
parent	6b1e9f77f96d2e01073c85f586200df47793cc28 (diff)