services: set isSystemUser for service users
'isSystemUser' has to be explicitly set in NixOS 21.05. Previously, it was the implicit default.
This commit is contained in:
parent
0ef66c920b
commit
e44f78ebb8
|
@ -388,7 +388,10 @@ in {
|
||||||
} // nbLib.allowLocalIPAddresses;
|
} // nbLib.allowLocalIPAddresses;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${cfg.user}.group = cfg.group;
|
users.users.${cfg.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = cfg.group;
|
||||||
|
};
|
||||||
users.groups.${cfg.group} = {};
|
users.groups.${cfg.group} = {};
|
||||||
users.groups.bitcoinrpc-public = {};
|
users.groups.bitcoinrpc-public = {};
|
||||||
nix-bitcoin.operator.groups = [ cfg.group ];
|
nix-bitcoin.operator.groups = [ cfg.group ];
|
||||||
|
|
|
@ -230,6 +230,7 @@ in {
|
||||||
}; in self;
|
}; in self;
|
||||||
|
|
||||||
users.users.${cfg.nbxplorer.user} = {
|
users.users.${cfg.nbxplorer.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.nbxplorer.group;
|
group = cfg.nbxplorer.group;
|
||||||
extraGroups = [ "bitcoinrpc-public" ]
|
extraGroups = [ "bitcoinrpc-public" ]
|
||||||
++ optional cfg.btcpayserver.lbtc cfg.liquidd.group;
|
++ optional cfg.btcpayserver.lbtc cfg.liquidd.group;
|
||||||
|
@ -237,6 +238,7 @@ in {
|
||||||
};
|
};
|
||||||
users.groups.${cfg.nbxplorer.group} = {};
|
users.groups.${cfg.nbxplorer.group} = {};
|
||||||
users.users.${cfg.btcpayserver.user} = {
|
users.users.${cfg.btcpayserver.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.btcpayserver.group;
|
group = cfg.btcpayserver.group;
|
||||||
extraGroups = [ cfg.nbxplorer.group ]
|
extraGroups = [ cfg.nbxplorer.group ]
|
||||||
++ optional (cfg.btcpayserver.lightningBackend == "clightning") cfg.clightning.user;
|
++ optional (cfg.btcpayserver.lightningBackend == "clightning") cfg.clightning.user;
|
||||||
|
|
|
@ -133,8 +133,8 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${user} = {
|
users.users.${user} = {
|
||||||
group = group;
|
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
|
group = group;
|
||||||
};
|
};
|
||||||
users.groups.${group} = {};
|
users.groups.${group} = {};
|
||||||
};
|
};
|
||||||
|
|
|
@ -140,6 +140,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
extraGroups = [ "bitcoinrpc-public" ];
|
extraGroups = [ "bitcoinrpc-public" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -106,6 +106,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
extraGroups = [ "bitcoinrpc-public" ] ++ optionals cfg.high-memory [ bitcoind.user ];
|
extraGroups = [ "bitcoinrpc-public" ] ++ optionals cfg.high-memory [ bitcoind.user ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -270,6 +270,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
home = cfg.dataDir;
|
home = cfg.dataDir;
|
||||||
# Allow access to the tor control socket, needed for payjoin onion service creation
|
# Allow access to the tor control socket, needed for payjoin onion service creation
|
||||||
|
|
|
@ -240,6 +240,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
extraGroups = [ "bitcoinrpc-public" ];
|
extraGroups = [ "bitcoinrpc-public" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -263,6 +263,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
extraGroups = [ "bitcoinrpc-public" ];
|
extraGroups = [ "bitcoinrpc-public" ];
|
||||||
home = cfg.dataDir; # lnd creates .lnd dir in HOME
|
home = cfg.dataDir; # lnd creates .lnd dir in HOME
|
||||||
|
|
|
@ -97,6 +97,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.recurring-donations = {
|
users.users.recurring-donations = {
|
||||||
|
isSystemUser = true;
|
||||||
group = "recurring-donations";
|
group = "recurring-donations";
|
||||||
extraGroups = [ config.services.clightning.group ];
|
extraGroups = [ config.services.clightning.group ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -65,6 +65,7 @@ in {
|
||||||
services.clightning.enable = true;
|
services.clightning.enable = true;
|
||||||
|
|
||||||
users.users.${cfg.user} = {
|
users.users.${cfg.user} = {
|
||||||
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
extraGroups = [ config.services.clightning.group ];
|
extraGroups = [ config.services.clightning.group ];
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue
Block a user