diff options
-rw-r--r-- | nixos/modules/services/networking/harmonia.nix | 6 | ||||
-rw-r--r-- | nixos/tests/harmonia.nix | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/harmonia.nix b/nixos/modules/services/networking/harmonia.nix index 4733165cf7d19..2bf912cb1a362 100644 --- a/nixos/modules/services/networking/harmonia.nix +++ b/nixos/modules/services/networking/harmonia.nix @@ -29,6 +29,11 @@ in config = lib.mkIf cfg.enable { nix.settings.extra-allowed-users = [ "harmonia" ]; + users.users.harmonia = { + isSystemUser = true; + group = "harmonia"; + }; + users.groups.harmonia = { }; systemd.services.harmonia = { description = "harmonia binary cache service"; @@ -50,7 +55,6 @@ in ExecStart = lib.getExe cfg.package; User = "harmonia"; Group = "harmonia"; - DynamicUser = true; PrivateUsers = true; DeviceAllow = [ "" ]; UMask = "0066"; diff --git a/nixos/tests/harmonia.nix b/nixos/tests/harmonia.nix index 6cf9ad4d23358..a9beac82f8e12 100644 --- a/nixos/tests/harmonia.nix +++ b/nixos/tests/harmonia.nix @@ -13,6 +13,9 @@ networking.firewall.allowedTCPPorts = [ 5000 ]; system.extraDependencies = [ pkgs.emptyFile ]; + + # check that extra-allowed-users is effective for harmonia + nix.settings.allowed-users = []; }; client01 = { |