From 149f846d3222f373fa226bb06ab9bce42f808f11 Mon Sep 17 00:00:00 2001
From: echtnurich
Date: Wed, 7 Aug 2024 18:03:17 +0200
Subject: [PATCH] create yate service user

---
 config/hosts/yate/service.nix | 7 ++++---
 config/hosts/yate/yate.nix | 13 ++++++++++---
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/config/hosts/yate/service.nix b/config/hosts/yate/service.nix
index 88302d7..bdaed23 100644
--- a/config/hosts/yate/service.nix
+++ b/config/hosts/yate/service.nix
@@ -9,7 +9,7 @@
 sops.secrets."git_clone_key" = {
 mode = "0600";
- owner = "root";
+ owner = "yate";
 group = "yate-config";
 restartUnits = [ "yate.service" ];
 };
@@ -25,7 +25,7 @@
 ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share -Do";
 Type="simple";
 Restart="always";
- User="root";
+ User="yate";
 Group="yate-config";
 StateDirectory = "yate";
 StateDirectoryMode = "0775";
@@ -39,12 +39,13 @@
 ${pkgs.git}/bin/git init /var/lib/yate
 ${pkgs.git}/bin/git -C /var/lib/yate remote add origin forgejo@git.hamburg.ccc.de:echtnurich/yate-config.git
 env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate pull -f --set-upstream
+ ${pkgs.git}/bin/git -C /var/lib/yate checkout --track -f origin/master
 echo \"New repo set up.\"
 fi
 test ${pkgs.openssh}/bin/ssh
 ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
 env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
- ${pkgs.git}/bin/git -C /var/lib/yate checkout --track -f origin/master";
+ ${pkgs.git}/bin/git -C /var/lib/yate checkout -f origin/master";
 # ...
 };
 }
diff --git a/config/hosts/yate/yate.nix b/config/hosts/yate/yate.nix
index a32df32..3f9b054 100644
--- a/config/hosts/yate/yate.nix
+++ b/config/hosts/yate/yate.nix
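Review bot: Switching the unit to `User="yate"` also moves the SSH host-key lookup of the ExecStartPre script in the third hunk to that user: `ssh -i /run/secrets/git_clone_key` will now consult the `yate` account's known_hosts, which a freshly created user does not have, so the non-interactive `git pull`/`git fetch` can fail on host key verification where root's known_hosts previously satisfied it (inferred — the script passes no `UserKnownHostsFile`). Pin the Forgejo host key declaratively instead of relaxing strict host checking, e.g. `programs.ssh.knownHosts."git.hamburg.ccc.de".publicKey = "<host public key — placeholder>";`, which lands in the system-wide `/etc/ssh/ssh_known_hosts` and works for a service user with no writable home. The systemd service attribute set this hunk edits begins outside the hunk.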
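Review bot: With the new `checkout -f origin/master` after `fetch --all`, every service start deploys whatever the remote branch currently points at, with no integrity check, so anyone who can push to that Forgejo repository controls the configuration the unit then runs as `yate`; consider gating the forced checkout on a signature check, e.g. `${pkgs.git}/bin/git -C /var/lib/yate verify-commit origin/master &&` in front of it (this requires the allowed signers' keys to be available to the `yate` user). The `checkout --track -f origin/master` added after `pull -f --set-upstream` in the init branch may also collide with the local branch that `pull` creates on an unborn checkout (inferred; depends on `init.defaultBranch`), and since no `set -e` is visible in the hunk such a failure would pass silently. The ExecStartPre string containing these lines starts outside the hunk.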
@@ -11,10 +11,17 @@
 # Just disable it for now.
 networking.firewall.enable = false;
- users.groups.yate-config = {};
- users.groups.yate-config.members = [ "colmema-deploy" "chaos" ];
+ users.users.yate = {
+ description = "yate service user";
+ group = "yate-config";
+ isNormalUser = true;
+ };
- environment.etc.yate.user = "root";
+
+ users.groups.yate-config = {};
+ users.groups.yate-config.members = [ "colmema-deploy" "chaos" "root" "yate"];
+
+ environment.etc.yate.user = "yate";
 environment.etc.yate.group = "yate-config";
 environment.etc.yate.mode = "symlink";
 environment.etc.yate.source = "/var/lib/yate";
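Review bot: `isNormalUser = true;` makes `yate` an interactive account — a home under `/home`, a login shell and a UID from the normal-user range — which is more than an account that only exists to run `yate.service` needs; a service account should be declared with `isSystemUser = true;` (the `group = "yate-config";` this hunk already sets satisfies its requirement for an explicit primary group). Adding `"root"` to `users.groups.yate-config.members` grants nothing root does not already have and reads as a workaround for a permission problem rather than a fix, and listing `"yate"` there is effectively redundant with `yate-config` being its primary group, so the list can stay `[ "colmema-deploy" "chaos" ]`. The closing `"yate"]` is also missing the space before the bracket that the rest of the list uses.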