From cfad151ac56248dd6b74c298a4f864546ac78a3e Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Tue, 14 Apr 2020 23:33:33 +0300
Subject: [PATCH] nixos/unit: run Unit as root

In latest release recommended not set ambient capabilities.
---
 nixos/modules/services/web-servers/unit/default.nix | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/nixos/modules/services/web-servers/unit/default.nix b/nixos/modules/services/web-servers/unit/default.nix
index 59f03c923e6..989866144e1 100644
--- a/nixos/modules/services/web-servers/unit/default.nix
+++ b/nixos/modules/services/web-servers/unit/default.nix
@@ -108,11 +108,6 @@ in {
         ExecStop = ''
           ${pkgs.curl}/bin/curl -X DELETE --unix-socket '/run/unit/control.unit.sock' 'http://localhost/config'
         '';
-        # User and group
-        User = cfg.user;
-        Group = cfg.group;
-        # Capabilities
-        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" ];
         # Runtime directory and mode
         RuntimeDirectory = "unit";
         RuntimeDirectoryMode = "0750";