From 96d69e40f24409758a8effc70027285b79d8846b Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sun, 5 Dec 2021 21:16:39 +0100
Subject: nixos/zigbee2mqtt: run as zigbee2mqtt group

Not setting a group is a security defect, since that will run the unit
under the root group.

Fixes: 1af87596 ("nixos/zigbee2mqtt: init")
---
 nixos/modules/services/misc/zigbee2mqtt.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'nixos')

diff --git a/nixos/modules/services/misc/zigbee2mqtt.nix b/nixos/modules/services/misc/zigbee2mqtt.nix
index 94b68a13beac9..ff6d595e5a6e3 100644
--- a/nixos/modules/services/misc/zigbee2mqtt.nix
+++ b/nixos/modules/services/misc/zigbee2mqtt.nix
@@ -79,6 +79,7 @@ in
       serviceConfig = {
         ExecStart = "${cfg.package}/bin/zigbee2mqtt";
         User = "zigbee2mqtt";
+        Group = "zigbee2mqtt";
         WorkingDirectory = cfg.dataDir;
         Restart = "on-failure";
 
-- 
cgit 1.4.1