From fd0723169f8acf64de9c663f8d9d6eb5cbb852a2 Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 19 Jan 2024 21:34:45 +0000
Subject: [PATCH] nix-serve: fix coredump loop
---
 hosts/common/ids.nix | 2 ++
 modules/services/nixserve.nix | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/hosts/common/ids.nix b/hosts/common/ids.nix
index 3bb83f94..3a8b9c81 100644
--- a/hosts/common/ids.nix
+++ b/hosts/common/ids.nix
@@ -57,6 +57,8 @@
 sane.ids.bitcoind-mainnet.gid = 2418;
 sane.ids.clightning.uid = 2419;
 sane.ids.clightning.gid = 2419;
+ sane.ids.nix-serve.uid = 2420;
+ sane.ids.nix-serve.gid = 2420;
 sane.ids.colin.uid = 1000;
 sane.ids.guest.uid = 1100;
diff --git a/modules/services/nixserve.nix b/modules/services/nixserve.nix
index cafca0e7..79b984ef 100644
--- a/modules/services/nixserve.nix
+++ b/modules/services/nixserve.nix
@@ -41,6 +41,14 @@ in
 inherit (cfg) port secretKeyFile;
 };
+ # XXX(2024/01/19): upstream service specifies `User=nix-serve`, `Group=nix-serve` but doesn't define the users.
+ # this causes a coredump loop from within a nix-serve subprocess.
+ users.users.nix-serve = {
+ group = "nix-serve";
+ isSystemUser = true;
+ };
+ users.groups.nix-serve = {};
+
 # act as a remote builder
 nix.settings.trusted-users = [ "nixremote" ];
 users.users.nixremote = {
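Review bot: The XXX comment above the new `users.users.nix-serve` block in modules/services/nixserve.nix records the symptom but gives no way to tell when the workaround can be dropped; a removal condition would help, e.g. `# TODO: drop once the upstream nix-serve module declares this user/group itself (see <upstream issue>)`. The block also sets no `uid`, so presumably the `sane.ids.nix-serve.uid`/`gid` entries added in hosts/common/ids.nix are applied by a separate module, which a one-line comment here could state. Because the service configuration just above inherits `secretKeyFile` and the daemon will now run under this dedicated account, it is worth confirming that the signing key stays readable only by root and the service, not by other local users. The enclosing attribute set starts and ends outside the hunk.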