1 files changed,
20 insertions(+),
2 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-04-23 20:18:00 +0300
Authored at:
2026-04-23 20:17:46 +0300
Change ID:
ryntonpqlsmmoylxtouyyvptkstktsyz
Parent:
01ec2af
M
flake.nix
··· 28 28 options.services.rss-tools = { 29 29 enable = mkEnableOption "rss-tools service"; 30 30 31 + user = mkOption { 32 + type = types.str; 33 + default = "rss-tools"; 34 + description = "User account under which rss-tools runs."; 35 + }; 36 + 37 + group = mkOption { 38 + type = types.str; 39 + default = "rss-tools"; 40 + description = "Group under which rss-tools runs."; 41 + }; 42 + 31 43 package = mkOption { 32 44 type = types.package; 33 45 default = self.packages.${pkgs.stdenv.hostPlatform.system}.rss-tools; ··· 58 70 } 59 71 ]; 60 72 73 + users.groups.${cfg.group} = { }; 74 + users.users.${cfg.user} = { 75 + isSystemUser = true; 76 + group = cfg.group; 77 + }; 78 + 61 79 systemd.services.rss-tools = { 62 80 description = "rss-tools service"; 63 81 wantedBy = [ "multi-user.target" ]; 64 82 after = [ "network.target" ]; 65 83 serviceConfig = { 66 84 Type = "simple"; 67 - DynamicUser = true; 85 + User = cfg.user; 86 + Group = cfg.group; 68 87 StateDirectory = "rss-tools"; 69 88 WorkingDirectory = "%S/rss-tools"; 70 89 ExecStart = "${cfg.package}/bin/rss-tools --config ${cfg.settingsFile} --db ${cfg.dbPath}"; ··· 74 93 PrivateTmp = true; 75 94 ProtectSystem = "strict"; 76 95 ProtectHome = true; 77 - ReadWritePaths = [ (builtins.dirOf cfg.dbPath) ]; 78 96 }; 79 97 }; 80 98 };