create yate service user

echtnurich 2024-08-07 18:03:17 +02:00
parent fd525ee06f
commit 149f846d32
Signed by: echtnurich
SSH key fingerprint: SHA256:1eIkxME0VPeXC2WMl9Haus+q0SLFymSAWU7f6Z+A8Aw
2 changed files with 14 additions and 6 deletions


@ -9,7 +9,7 @@
sops.secrets."git_clone_key" = { sops.secrets."git_clone_key" = {
mode = "0600"; mode = "0600";
owner = "root"; owner = "yate";
group = "yate-config"; group = "yate-config";
restartUnits = [ "yate.service" ]; restartUnits = [ "yate.service" ];
}; };
@ -25,7 +25,7 @@
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share -Do"; ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share -Do";
Type="simple"; Type="simple";
Restart="always"; Restart="always";
User="root"; User="yate";
Group="yate-config"; Group="yate-config";
StateDirectory = "yate"; StateDirectory = "yate";
StateDirectoryMode = "0775"; StateDirectoryMode = "0775";
@ -39,12 +39,13 @@
${pkgs.git}/bin/git init /var/lib/yate ${pkgs.git}/bin/git init /var/lib/yate
${pkgs.git}/bin/git -C /var/lib/yate remote add origin forgejo@git.hamburg.ccc.de:echtnurich/yate-config.git ${pkgs.git}/bin/git -C /var/lib/yate remote add origin forgejo@git.hamburg.ccc.de:echtnurich/yate-config.git
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate pull -f --set-upstream env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate pull -f --set-upstream
${pkgs.git}/bin/git -C /var/lib/yate checkout --track -f origin/master
echo \"New repo set up.\" echo \"New repo set up.\"
fi fi
test ${pkgs.openssh}/bin/ssh test ${pkgs.openssh}/bin/ssh
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\" ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
${pkgs.git}/bin/git -C /var/lib/yate checkout --track -f origin/master"; ${pkgs.git}/bin/git -C /var/lib/yate checkout -f origin/master";
# ... # ...
}; };
} }
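Review bot: With `owner = "yate";` on `sops.secrets."git_clone_key"` and `User="yate";` on the unit, the long-running daemon account can now read the SSH key used for the config pull, so a compromise of the yate process also exposes that credential. The key should be a read-only deploy key scoped to the one config repository, and the secret should say so, e.g. `# read-only deploy key for yate-config; readable by the yate daemon account`. The unit also gains no sandboxing in the visible lines; `NoNewPrivileges = true;` and `ProtectSystem = "strict";` would fit next to `StateDirectory`, though the part elided by `# ...` may already set them. The service definition starts and ends outside these hunks.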


@ -11,10 +11,17 @@
# Just disable it for now. # Just disable it for now.
networking.firewall.enable = false; networking.firewall.enable = false;
users.groups.yate-config = {}; users.users.yate = {
users.groups.yate-config.members = [ "colmema-deploy" "chaos" ]; description = "yate service user";
group = "yate-config";
isNormalUser = true;
};
environment.etc.yate.user = "root";
users.groups.yate-config = {};
users.groups.yate-config.members = [ "colmema-deploy" "chaos" "root" "yate"];
environment.etc.yate.user = "yate";
environment.etc.yate.group = "yate-config"; environment.etc.yate.group = "yate-config";
environment.etc.yate.mode = "symlink"; environment.etc.yate.mode = "symlink";
environment.etc.yate.source = "/var/lib/yate"; environment.etc.yate.source = "/var/lib/yate";
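Review bot: `isNormalUser = true;` in the new `users.users.yate` block gives the daemon account a home directory, the default login shell and a UID from the normal user range, which a service account does not need; `isSystemUser = true;` is the fitting option. If the git/ssh sync step relies on a home directory for known_hosts, set `home` explicitly instead of inheriting it. Listing `"root"` and `"yate"` in `users.groups.yate-config.members` looks redundant, since root is not bound by group permissions and yate already has the group as its primary `group`. As far as I know, `environment.etc.yate.user` is ignored while `mode = "symlink"`, so the effective ownership is whatever `/var/lib/yate` has; worth confirming. The surrounding attribute set starts outside the hunk.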