mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-22 14:45:27 +00:00

nixos/nebula: simply service user logic

Aaron Andersen 2021-02-09 20:45:17 -05:00
parent e8eaea9627
commit b52a8f67dd


@ -139,12 +139,7 @@ in
# Implementation
config =
let
# The service needs to launch as root to access the tun device, if it's enabled.
serviceUser = if cfg.tun.disable then "nebula" else "root";
serviceGroup = if cfg.tun.disable then "nebula" else "root";
in mkIf cfg.enable {
config = mkIf cfg.enable {
services.nebula.settings = {
pki = {
ca = cfg.ca;
@ -179,13 +174,18 @@ in
after = [ "network.target" ];
before = [ "sshd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
serviceConfig = mkMerge [
{
Type = "simple";
Restart = "always";
User = serviceUser;
Group = serviceGroup;
ExecStart = "${cfg.package}/bin/nebula -config ${configFile}";
};
}
# The service needs to launch as root to access the tun device, if it's enabled.
(mkIf cfg.tun.disable {
User = "nebula";
Group = "nebula";
})
];
};
# Open the chosen port for UDP.
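Review bot: In the new `mkMerge` list the tun-enabled case (`cfg.tun.disable` false) sets no `User`/`Group` at all, so the unit silently falls back to systemd's default of root, and the comment kept above `(mkIf cfg.tun.disable { ... })` now describes the opposite case from the branch it sits on. I would reword it to say what the branch does, for example `# Drop to the unprivileged nebula user when tun is disabled; otherwise the unit runs as root (systemd default) to open the tun device.` If root is needed only for the tun device, giving the nebula user `CAP_NET_ADMIN` through `AmbientCapabilities` and `CapabilityBoundingSet` would likely avoid running the whole daemon as root, though that needs testing against nebula's tun setup. The definition of the `nebula` user and group is not visible in these hunks, so confirm it exists whenever `tun.disable` is set.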