From cceed7d4afe6d8b8728f72e91d802988ba552266 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Sun, 3 Dec 2023 17:07:48 +0100 Subject: nixos/harmonia: allocate user DynamicUser seem to broken in combination with the nix-daemon. (cherry picked from commit a8a9c443534ee0424d572f98b76b3b3520ae7716) --- nixos/modules/services/networking/harmonia.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/harmonia.nix b/nixos/modules/services/networking/harmonia.nix index 4733165cf7d19..2bf912cb1a362 100644 --- a/nixos/modules/services/networking/harmonia.nix +++ b/nixos/modules/services/networking/harmonia.nix @@ -29,6 +29,11 @@ in config = lib.mkIf cfg.enable { nix.settings.extra-allowed-users = [ "harmonia" ]; + users.users.harmonia = { + isSystemUser = true; + group = "harmonia"; + }; + users.groups.harmonia = { }; systemd.services.harmonia = { description = "harmonia binary cache service"; @@ -50,7 +55,6 @@ in ExecStart = lib.getExe cfg.package; User = "harmonia"; Group = "harmonia"; - DynamicUser = true; PrivateUsers = true; DeviceAllow = [ "" ]; UMask = "0066"; -- cgit 1.4.1 From 58d434d6a2bd1d2d73f1e87a53353b0194a0cfb5 Mon Sep 17 00:00:00 2001 From: Jörg Thalheim Date: Sat, 18 Nov 2023 13:45:20 +0100 Subject: nixos/harmonia: test if extra-allowed-users works (cherry picked from commit 522027049213b69986bd20ac0f2e991873bc5ae2) --- nixos/tests/harmonia.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'nixos') diff --git a/nixos/tests/harmonia.nix b/nixos/tests/harmonia.nix index 6cf9ad4d23358..a9beac82f8e12 100644 --- a/nixos/tests/harmonia.nix +++ b/nixos/tests/harmonia.nix @@ -13,6 +13,9 @@ networking.firewall.allowedTCPPorts = [ 5000 ]; system.extraDependencies = [ pkgs.emptyFile ]; + + # check that extra-allowed-users is effective for harmonia + nix.settings.allowed-users = []; }; client01 = { -- cgit 1.4.1