nixos/nebula: simply service user logic

Aaron Andersen 2021-02-09 20:45:17 -05:00
parent e8eaea9627
commit b52a8f67dd


@ -139,12 +139,7 @@ in
# Implementation # Implementation
config = config = mkIf cfg.enable {
let
# The service needs to launch as root to access the tun device, if it's enabled.
serviceUser = if cfg.tun.disable then "nebula" else "root";
serviceGroup = if cfg.tun.disable then "nebula" else "root";
in mkIf cfg.enable {
services.nebula.settings = { services.nebula.settings = {
pki = { pki = {
ca = cfg.ca; ca = cfg.ca;
@ -179,13 +174,18 @@ in
after = [ "network.target" ]; after = [ "network.target" ];
before = [ "sshd.service" ]; before = [ "sshd.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = mkMerge [
{
Type = "simple"; Type = "simple";
Restart = "always"; Restart = "always";
User = serviceUser;
Group = serviceGroup;
ExecStart = "${cfg.package}/bin/nebula -config ${configFile}"; ExecStart = "${cfg.package}/bin/nebula -config ${configFile}";
}; }
# The service needs to launch as root to access the tun device, if it's enabled.
(mkIf cfg.tun.disable {
User = "nebula";
Group = "nebula";
})
];
}; };
# Open the chosen port for UDP. # Open the chosen port for UDP.
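Review bot: The comment kept above `(mkIf cfg.tun.disable { ... })` now describes the opposite branch: the block beneath it drops to the `nebula` user, while the root case it explains has become implicit, arising only because `User`/`Group` are left unset. I would reword it to `# Drop to the nebula user when tun is disabled; otherwise User is unset and systemd runs the unit as root so it can open the tun device.` so the privileged default is visible to a reader. Separately, the tun-enabled path still runs the whole daemon as root; a follow-up could run as `nebula` in both cases and grant only `AmbientCapabilities = "CAP_NET_ADMIN"` with a matching `CapabilityBoundingSet`, assuming that is sufficient for nebula's tun setup. The definition of the `nebula` user and group is not visible in these hunks, so confirm it is still created whenever `cfg.tun.disable` is set.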