Merge pull request #14346 from rnhmjoj/syncthing-daemon

syncthing: run daemon with dedicated user as default
joachifm 2016-04-01 00:07:53 +00:00
commit ba90ae904e
2 changed files with 27 additions and 8 deletions


@ -257,6 +257,7 @@
radicale = 234; radicale = 234;
hydra-queue-runner = 235; hydra-queue-runner = 235;
hydra-www = 236; hydra-www = 236;
syncthing = 237;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -485,6 +486,7 @@
pdnsd = 229; pdnsd = 229;
octoprint = 230; octoprint = 230;
radicale = 234; radicale = 234;
syncthing = 237;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal


@ -5,6 +5,7 @@ with lib;
let let
cfg = config.services.syncthing; cfg = config.services.syncthing;
defaultUser = "syncthing";
in in
@ -17,6 +18,7 @@ in
services.syncthing = { services.syncthing = {
enable = mkOption { enable = mkOption {
type = types.bool;
default = false; default = false;
description = '' description = ''
Whether to enable the Syncthing, self-hosted open-source alternative Whether to enable the Syncthing, self-hosted open-source alternative
@ -26,7 +28,8 @@ in
}; };
user = mkOption { user = mkOption {
default = "syncthing"; type = types.string;
default = defaultUser;
description = '' description = ''
Syncthing will be run under this user (user must exist, Syncthing will be run under this user (user must exist,
this can be your user name). this can be your user name).
@ -34,8 +37,8 @@ in
}; };
all_proxy = mkOption { all_proxy = mkOption {
type = types.string; type = types.nullOr types.string;
default = ""; default = null;
example = "socks5://address.com:1234"; example = "socks5://address.com:1234";
description = '' description = ''
Overwrites all_proxy environment variable for the syncthing process to Overwrites all_proxy environment variable for the syncthing process to
@ -45,6 +48,7 @@ in
}; };
dataDir = mkOption { dataDir = mkOption {
type = types.path;
default = "/var/lib/syncthing"; default = "/var/lib/syncthing";
description = '' description = ''
Path where the settings and keys will exist. Path where the settings and keys will exist.
@ -71,6 +75,19 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users = mkIf (cfg.user == defaultUser) {
extraUsers."${defaultUser}" =
{ group = defaultUser;
home = cfg.dataDir;
createHome = true;
uid = config.ids.uids.syncthing;
description = "Syncthing daemon user";
};
extraGroups."${defaultUser}".gid =
config.ids.gids.syncthing;
};
systemd.services.syncthing = systemd.services.syncthing =
{ {
description = "Syncthing service"; description = "Syncthing service";
@ -79,12 +96,12 @@ in
environment = { environment = {
STNORESTART = "yes"; # do not self-restart STNORESTART = "yes"; # do not self-restart
STNOUPGRADE = "yes"; STNOUPGRADE = "yes";
} // inherit (cfg) all_proxy;
(config.networking.proxy.envVars) // } // config.networking.proxy.envVars;
(if cfg.all_proxy != "" then { all_proxy = cfg.all_proxy; } else {});
serviceConfig = { serviceConfig = {
User = "${cfg.user}"; User = cfg.user;
Group = optionalString (cfg.user == defaultUser) defaultUser;
PermissionsStartOnly = true; PermissionsStartOnly = true;
Restart = "on-failure"; Restart = "on-failure";
ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}";
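Review bot: In the new `environment` attrset the per-service proxy no longer takes precedence: `inherit (cfg) all_proxy;` now sits on the left of `// config.networking.proxy.envVars`, and the right operand of `//` wins, so a system-wide `all_proxy` (assuming `networking.proxy.envVars` carries that key) replaces `services.syncthing.all_proxy`. The option description still says it overwrites the variable for the syncthing process, so a host that relies on it to send sync traffic through one specific proxy would silently use the global one instead. Keeping the override last restores the previous order and also avoids passing a `null` value into the environment: `} // config.networking.proxy.envVars // optionalAttrs (cfg.all_proxy != null) { inherit (cfg) all_proxy; };`. The `serviceConfig` block continues past the end of this hunk.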