nixos/podgrab: add user/group options

2024-03-21 19:14:45 +00:00 · 2024-03-21 19:14:45 +00:00 · 21a59137a6
parent 002f8266a0
commit 21a59137a6
1 changed files with 21 additions and 1 deletions
--- a/nixos/modules/services/misc/podgrab.nix
+++ b/nixos/modules/services/misc/podgrab.nix
@ -22,6 +22,18 @@ in
      example = 4242;
      description = lib.mdDoc "The port on which Podgrab will listen for incoming HTTP traffic.";
    };
+
+    user = mkOption {
+      type = types.str;
+      default = "podgrab";
+      description = "User under which Podgrab runs, and which owns the download directory.";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "podgrab";
+      description = "Group under which Podgrab runs, and which owns the download directory.";
+    };
  };

  config = lib.mkIf cfg.enable {
@ -35,7 +47,8 @@ in
        PORT = toString cfg.port;
      };
      serviceConfig = {
-        DynamicUser = true;
+        User = cfg.user;
+        Group = cfg.group;
        EnvironmentFile = lib.optionals (cfg.passwordFile != null) [
          cfg.passwordFile
        ];
@ -44,6 +57,13 @@ in
        StateDirectory = [ "podgrab/config" "podgrab/data" ];
      };
    };
+
+    users.users.podgrab = lib.mkIf (cfg.user == "podgrab") {
+      isSystemUser = true;
+      group = cfg.group;
+    };
+
+    users.groups.podgrab = lib.mkIf (cfg.group == "podgrab") { };
  };

  meta.maintainers = with lib.maintainers; [ ambroisie ];