From 6b1e9f77f96d2e01073c85f586200df47793cc28 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Fri, 22 Mar 2024 20:47:55 +0000
Subject: [PATCH 1/2] nixos/tandoor-recipes: set service 'Group'
---
 nixos/modules/services/misc/tandoor-recipes.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixos/modules/services/misc/tandoor-recipes.nix b/nixos/modules/services/misc/tandoor-recipes.nix
index a8300ecd5233..1bdd7be406b9 100644
--- a/nixos/modules/services/misc/tandoor-recipes.nix
+++ b/nixos/modules/services/misc/tandoor-recipes.nix
@@ -82,6 +82,7 @@ in
 Restart = "on-failure";
 User = "tandoor_recipes";
+ Group = "tandoor_recipes";
 DynamicUser = true;
 StateDirectory = "tandoor-recipes";
 WorkingDirectory = "/var/lib/tandoor-recipes";
From af6e25787827e25a87bb874362ad380a2cfab199 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Fri, 22 Mar 2024 20:48:15 +0000
Subject: [PATCH 2/2] nixos/tandoor-recipes: improve manage script
This is shamelessly stolen from Photoprism's module, and should allow executing the manage script without resorting to various tricks due to relying on transient users.
---
 nixos/modules/services/misc/tandoor-recipes.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/services/misc/tandoor-recipes.nix b/nixos/modules/services/misc/tandoor-recipes.nix
index 1bdd7be406b9..1b1fde78ad0a 100644
--- a/nixos/modules/services/misc/tandoor-recipes.nix
+++ b/nixos/modules/services/misc/tandoor-recipes.nix
@@ -20,7 +20,10 @@ let
 manage = pkgs.writeShellScript "manage" ''
 set -o allexport # Export the following env vars
 ${lib.toShellVars env}
- exec ${pkg}/bin/tandoor-recipes "$@"
+ eval "$(${config.systemd.package}/bin/systemctl show -pUID,GID,MainPID tandoor-recipes.service)"
+ exec ${pkgs.util-linux}/bin/nsenter \
+ -t $MainPID -m -S $UID -G $GID \
+ ${pkg}/bin/tandoor-recipes "$@"
 '';
 in
 {
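Review bot: The added `eval` line in the `manage` script tries to assign `UID`, which bash treats as a read-only variable, so (assuming `writeShellScript` runs under bash) the service's UID is never stored and `$UID` in the `nsenter` call still expands to the invoking user's id. When the script is run as root, that would start `tandoor-recipes` as root inside the service's mount namespace rather than as the dynamic service user, which defeats the purpose of `-S`. Reading each property into a differently named variable avoids both the read-only clash and the `eval` of command output. It also leaves room for an explicit check that the unit is running before `MainPID` is handed to `nsenter -t`, and the expansions should be quoted.

```nix
  manage = pkgs.writeShellScript "manage" ''
    # … unchanged: allexport and exported env vars …
    # UID is read-only in bash, so each property is read into its own variable.
    show() { ${config.systemd.package}/bin/systemctl show --value -p "$1" tandoor-recipes.service; }
    main_pid="$(show MainPID)"
    svc_uid="$(show UID)"
    svc_gid="$(show GID)"
    if [ -z "$main_pid" ] || [ "$main_pid" = 0 ]; then
      echo "tandoor-recipes.service is not running" >&2
      exit 1
    fi
    exec ${pkgs.util-linux}/bin/nsenter \
      -t "$main_pid" -m -S "$svc_uid" -G "$svc_gid" \
      ${pkg}/bin/tandoor-recipes "$@"
  '';
```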