nixos/supybot: stateDir in /var/lib, use tmpfiles

Moving the stateDir is needed in order to use ProtectSystem=strict systemd option.
2024-11-21 21:21:06 +00:00 · 2020-02-11 17:52:48 +01:00 · 2020-02-11 17:52:48 +01:00 · b150e08169
parent 6301e0af06
commit b150e08169
1 changed files with 21 additions and 8 deletions
--- a/nixos/modules/services/networking/supybot.nix
+++ b/nixos/modules/services/networking/supybot.nix
@ -20,15 +20,18 @@ in
      };

      stateDir = mkOption {
-        # Setting this to /var/lib/supybot caused useradd to fail
-        default = "/home/supybot";
+        type = types.path;
+        default = if versionAtLeast config.system.stateVersion "20.09"
+          then "/var/lib/supybot"
+          else "/home/supybot";
+        defaultText = "/var/lib/supybot";
        description = "The root directory, logs and plugins are stored here";
      };

      configFile = mkOption {
        type = types.path;
        description = ''
-          Path to a supybot config file. This can be generated by
+          Path to initial supybot config file. This can be generated by
          running supybot-wizard.

          Note: all paths should include the full path to the stateDir
@ -50,7 +53,7 @@ in
      group = "supybot";
      description = "Supybot IRC bot user";
      home = cfg.stateDir;
-      createHome = true;
+      isSystemUser = true;
    };

    users.groups.supybot = {
@ -63,11 +66,8 @@ in
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.pythonPackages.limnoria ];
      preStart = ''
-        cd ${cfg.stateDir}
-        mkdir -p backup conf data plugins logs/plugins tmp web
-        ln -sf ${cfg.configFile} supybot.cfg
        # This needs to be created afresh every time
-        rm -f supybot.cfg.bak
+        rm -f '${cfg.stateDir}/supybot.cfg.bak'
      '';

      serviceConfig = {
@ -82,5 +82,18 @@ in
      };
    };

+    systemd.tmpfiles.rules = [
+      "d '${cfg.stateDir}'              0700 supybot supybot - -"
+      "d '${cfg.stateDir}/backup'       0750 supybot supybot - -"
+      "d '${cfg.stateDir}/conf'         0750 supybot supybot - -"
+      "d '${cfg.stateDir}/data'         0750 supybot supybot - -"
+      "d '${cfg.stateDir}/plugins'      0750 supybot supybot - -"
+      "d '${cfg.stateDir}/logs'         0750 supybot supybot - -"
+      "d '${cfg.stateDir}/logs/plugins' 0750 supybot supybot - -"
+      "d '${cfg.stateDir}/tmp'          0750 supybot supybot - -"
+      "d '${cfg.stateDir}/web'          0750 supybot supybot - -"
+      "L '${cfg.stateDir}/supybot.cfg'  -    -       -       - ${cfg.configFile}"
+    ];
+
  };
 }