3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/services
Dominique Martinet d8fa2627f3 mpd: remove user/group from conf
the options should not be set as we already change user with service
file, man mpd.conf says "Do not use this option if you start MPD as an
unprivileged user"

The group option actually is not documented at all anymore and probably
no longer exists.

These options get in the way of setting up confinement for the service,
as it would otherwise be pretty straightforward to setup, but even if
mpd is not root it would check the user exists within the chroot which
is more work (need to get nss working):

  systemd.services.mpd = {
    serviceConfig.BindPaths = [
      # mpd state dir
      "/var/lib/mpd"
      # notify systemd service started up
      "/run/systemd/notify"
    ];
    serviceConfig.BindReadOnlyPaths = [
      "/path/to/music:/var/lib/mpd/music"
    ];
    # ProtectSystem is not compatible with confinement
    serviceConfig.ProtectSystem = lib.mkForce false;
    confinement = {
      enable = true;
      binSh = null;
      mode = "chroot-only";
    };
  };
2020-05-10 20:24:33 +02:00
..
admin
amqp treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
audio mpd: remove user/group from conf 2020-05-10 20:24:33 +02:00
backup Merge pull request #83257 from rail/znapzend-0.20.0 2020-05-05 15:20:15 +01:00
cluster The systemd unit for k3s should differ between agents and servers 2020-04-23 07:55:23 +02:00
computing nixos/boinc: create boinc group 2020-03-25 13:26:31 +01:00
continuous-integration nixos/gitlab-runner: support multiple services 2020-05-02 11:59:57 +02:00
databases nixos/postgresql: refactor enable option 2020-05-07 10:59:07 +02:00
desktops Merge pull request #83400 from jtojnar/malcontent-0.7 2020-04-08 17:38:17 +02:00
development nixos/jupyter: Fix documentation example for jupyter.kernels (#56415) 2020-01-31 15:30:02 +01:00
editors treewide: use https for nixos.org and hydra.nixos.org 2020-05-03 22:14:21 -07:00
games
hardware treewide: add bool type to enable options, or make use of mkEnableOption 2020-04-21 08:55:36 +02:00
logging
mail Merge pull request #87255 from symphorien/dovecot-restart-module 2020-05-08 15:05:10 +01:00
misc Revert "nix-daemon.nix: Use 'nix ping-store' to initialize directories" 2020-05-07 12:39:22 +02:00
monitoring nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
network-filesystems ipfs: remove ipfs repo fsck 2020-05-05 22:19:06 +00:00
networking Merge branch 'staging-next' 2020-05-06 08:20:05 +02:00
printing nixos/printing: make access to web-interface configurable 2020-04-25 19:48:34 +02:00
scheduling atd: systemd-udev-settle serves no purpose 2020-03-21 11:15:06 +08:00
search
security nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
system nixos/nscd: be more specific in the nscd.enable description on what breaks 2020-04-25 18:11:10 +02:00
torrent nixos/deluge: remove p7zip from extraPackages defaults 2020-05-03 00:48:48 +02:00
ttys
wayland nixos/cage: move ConditionPathExists to service config 2020-03-09 00:47:49 +01:00
web-apps treewide: per RFC45, remove more unquoted URLs 2020-05-08 15:20:47 +02:00
web-servers nixos/unit: run Unit as root 2020-05-06 12:27:12 +03:00
x11 nixos/gdk-pixbuf.nix: don’t set GDK_PIXBUF_MODULE_FILE in cross 2020-05-07 14:39:42 -05:00