nixos/taskserver: Use nixos-taskdctl in preStart
Finally, this is where we declaratively set up our organisations and users/groups, which looks like this in the system configuration: services.taskserver.organisations.NixOS.users = [ "alice" "bob" ]; This automatically sets up "alice" and "bob" for the "NixOS" organisation, generates the required client keys and signs it via the CA. However, we still need to use nixos-taskdctl export-user in order to import these certificates on the client. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
parent
227229653a
commit
0141b4887d
@ -719,8 +719,24 @@ in {
|
||||
|
||||
environment.TASKDDATA = cfg.dataDir;
|
||||
|
||||
preStart = ''
|
||||
${concatStrings (mapAttrsToList (orgName: attrs: ''
|
||||
${ctlcmd} add-org ${mkShellStr orgName}
|
||||
|
||||
${concatMapStrings (user: ''
|
||||
echo Creating ${user} >&2
|
||||
${ctlcmd} add-user ${mkShellStr orgName} ${mkShellStr user}
|
||||
'') attrs.users}
|
||||
|
||||
${concatMapStrings (group: ''
|
||||
${ctlcmd} add-group ${mkShellStr orgName} ${mkShellStr user}
|
||||
'') attrs.groups}
|
||||
'') cfg.organisations)}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "@${taskd} taskd server";
|
||||
PermissionsStartOnly = true;
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user