public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/do-agent: Use DynamicUser

Browse Source
This commit is contained in:
yvt 2019-10-03 01:30:41 +09:00
parent b1acc7dc8b
commit e3c1ecf111
1 changed files with 1 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
nixos/modules/services/monitoring/do-agent.nix
View File

@ -8,18 +8,6 @@ in
{ {
options.services.do-agent = { options.services.do-agent = {
enable = mkEnableOption "do-agent, the DigitalOcean droplet metrics agent"; enable = mkEnableOption "do-agent, the DigitalOcean droplet metrics agent";
user = mkOption {
type = types.str;
default = "do-agent";
description = "User account under which do-agent runs.";
};
group = mkOption {
type = types.str;
default = "do-agent";
description = "Group account under which do-agent runs.";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -38,16 +26,8 @@ in
ProtectSystem = "full"; ProtectSystem = "full";
ProtectHome = "yes"; ProtectHome = "yes";
NoNewPrivileges = "yes"; NoNewPrivileges = "yes";
DynamicUser = "yes";
}; };
}; };
users.users = optionalAttrs (cfg.user == "do-agent") (singleton
{ name = "do-agent";
group = cfg.group;
});
users.groups = optionalAttrs (cfg.group == "do-agent") (singleton
{ name = "do-agent";
});
}; };
} }