nixos/mautrix-whatsapp: use static user and group
The DynamicUser mechanism does not allow sharing the bridge registration.yaml file with matrix-synapse in any easy way: 1. the mautrix-whatsapp group under which the service runs is not in /etc/group, so you can't add matrix-synapse to it. This makes the group read bit on the file useless, as the group is effectively always empty. 2. It's not possible to use ACLs or copy the file during preStart or postStart because the commands are executed with low privileges. By using a normal (static) user/group the secret can be shared with synapse as follows: services.matrix_synapse.settings.app_service_config_files = [ "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml" ]; users.users.matrix-synapse.extraGroups = [ "mautrix-whatsapp" ];
parent
e932745cb8
commit
9e0457115e
|
@ -117,6 +117,16 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
users.users.mautrix-whatsapp = {
|
||||
isSystemUser = true;
|
||||
group = "mautrix-whatsapp";
|
||||
home = dataDir;
|
||||
description = "Mautrix-WhatsApp bridge user";
|
||||
};
|
||||
|
||||
users.groups.mautrix-whatsapp = {};
|
||||
|
||||
services.mautrix-whatsapp.settings = {
|
||||
homeserver.domain = lib.mkDefault config.services.matrix-synapse.settings.server_name;
|
||||
};
|
||||
|
@ -158,10 +168,11 @@ in {
|
|||
'';
|
||||
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
User = "mautrix-whatsapp";
|
||||
Group = "mautrix-whatsapp";
|
||||
EnvironmentFile = cfg.environmentFile;
|
||||
StateDirectory = baseNameOf dataDir;
|
||||
WorkingDirectory = "${dataDir}";
|
||||
WorkingDirectory = dataDir;
|
||||
ExecStart = ''
|
||||
${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp \
|
||||
--config='${settingsFile}' \
|
||||
|
|
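Review bot: Removing `DynamicUser = true` from `serviceConfig` in the second hunk also removes the sandboxing systemd implies with it (ProtectSystem=strict, ProtectHome=read-only, PrivateTmp, NoNewPrivileges, RemoveIPC, RestrictSUIDSGID), and the visible new lines add only `User` and `Group`. Unless these are already set further down (`serviceConfig` continues outside the hunk), I would restore them explicitly, e.g. `ProtectSystem = "strict"; ProtectHome = "read-only";` and `PrivateTmp = true; NoNewPrivileges = true;`. Because matrix-synapse is meant to join the `mautrix-whatsapp` group to read the registration file, a comment next to `users.groups.mautrix-whatsapp` should say that group membership grants read access to that secret. It would also be worth confirming that the bridge's other state under `dataDir` is not group-readable.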