mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-22 14:45:27 +00:00
nixos/nebula: simply service user logic
This commit is contained in:
parent
e8eaea9627
commit
b52a8f67dd
|
@ -139,12 +139,7 @@ in
|
|||
|
||||
# Implementation
|
||||
|
||||
config =
|
||||
let
|
||||
# The service needs to launch as root to access the tun device, if it's enabled.
|
||||
serviceUser = if cfg.tun.disable then "nebula" else "root";
|
||||
serviceGroup = if cfg.tun.disable then "nebula" else "root";
|
||||
in mkIf cfg.enable {
|
||||
config = mkIf cfg.enable {
|
||||
services.nebula.settings = {
|
||||
pki = {
|
||||
ca = cfg.ca;
|
||||
|
@ -179,13 +174,18 @@ in
|
|||
after = [ "network.target" ];
|
||||
before = [ "sshd.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
serviceConfig = mkMerge [
|
||||
{
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
User = serviceUser;
|
||||
Group = serviceGroup;
|
||||
ExecStart = "${cfg.package}/bin/nebula -config ${configFile}";
|
||||
};
|
||||
}
|
||||
# The service needs to launch as root to access the tun device, if it's enabled.
|
||||
(mkIf cfg.tun.disable {
|
||||
User = "nebula";
|
||||
Group = "nebula";
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
# Open the chosen port for UDP.
|
||||
|
|
Loading…
Reference in a new issue