public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/supybot: stateDir in /var/lib, use tmpfiles

Browse Source 
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
This commit is contained in:
Martin Milata 2020-02-11 17:52:48 +01:00
parent 6301e0af06
commit b150e08169
1 changed files with 21 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
nixos/modules/services/networking/supybot.nix
View File

@ -20,15 +20,18 @@ in
}; };
stateDir = mkOption { stateDir = mkOption {
# Setting this to /var/lib/supybot caused useradd to fail type = types.path;
default = "/home/supybot"; default = if versionAtLeast config.system.stateVersion "20.09"
then "/var/lib/supybot"
else "/home/supybot";
defaultText = "/var/lib/supybot";
description = "The root directory, logs and plugins are stored here"; description = "The root directory, logs and plugins are stored here";
}; };
configFile = mkOption { configFile = mkOption {
type = types.path; type = types.path;
description = '' description = ''
Path to a supybot config file. This can be generated by Path to initial supybot config file. This can be generated by
running supybot-wizard. running supybot-wizard.
Note: all paths should include the full path to the stateDir Note: all paths should include the full path to the stateDir
@ -50,7 +53,7 @@ in
group = "supybot"; group = "supybot";
description = "Supybot IRC bot user"; description = "Supybot IRC bot user";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; isSystemUser = true;
}; };
users.groups.supybot = { users.groups.supybot = {
@ -63,11 +66,8 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.pythonPackages.limnoria ]; path = [ pkgs.pythonPackages.limnoria ];
preStart = '' preStart = ''
cd ${cfg.stateDir}
mkdir -p backup conf data plugins logs/plugins tmp web
ln -sf ${cfg.configFile} supybot.cfg
# This needs to be created afresh every time # This needs to be created afresh every time
rm -f supybot.cfg.bak rm -f '${cfg.stateDir}/supybot.cfg.bak'
''; '';
serviceConfig = { serviceConfig = {
@ -82,5 +82,18 @@ in
}; };
}; };
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 supybot supybot - -"
"d '${cfg.stateDir}/backup' 0750 supybot supybot - -"
"d '${cfg.stateDir}/conf' 0750 supybot supybot - -"
"d '${cfg.stateDir}/data' 0750 supybot supybot - -"
"d '${cfg.stateDir}/plugins' 0750 supybot supybot - -"
"d '${cfg.stateDir}/logs' 0750 supybot supybot - -"
"d '${cfg.stateDir}/logs/plugins' 0750 supybot supybot - -"
"d '${cfg.stateDir}/tmp' 0750 supybot supybot - -"
"d '${cfg.stateDir}/web' 0750 supybot supybot - -"
"L '${cfg.stateDir}/supybot.cfg' - - - - ${cfg.configFile}"
];
}; };
} }