mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-11-06 10:16:44 +01:00
f2639566b5
systemd user services shouldn't run as root and other "non-interactive" users
43 lines
776 B
Nix
43 lines
776 B
Nix
{ config, lib, pkgs, ... }:
|
|
with lib;
|
|
let
|
|
cfg = config.services.keybase;
|
|
|
|
in {
|
|
|
|
###### interface
|
|
|
|
options = {
|
|
|
|
services.keybase = {
|
|
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = "Whether to start the Keybase service.";
|
|
};
|
|
|
|
};
|
|
};
|
|
|
|
###### implementation
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
systemd.user.services.keybase = {
|
|
description = "Keybase service";
|
|
unitConfig.ConditionUser = "!@system";
|
|
serviceConfig = {
|
|
ExecStart = ''
|
|
${pkgs.keybase}/bin/keybase service --auto-forked
|
|
'';
|
|
Restart = "on-failure";
|
|
PrivateTmp = true;
|
|
};
|
|
wantedBy = [ "default.target" ];
|
|
};
|
|
|
|
environment.systemPackages = [ pkgs.keybase ];
|
|
};
|
|
}
|