Merge pull request #14346 from rnhmjoj/syncthing-daemon

syncthing: run daemon with dedicated user as default
2016-04-01 00:07:53 +00:00 · 2016-04-01 00:07:53 +00:00 · ba90ae904e
commit ba90ae904e
parent d8abfc87c6 a98a918b10
2 changed files with 27 additions and 8 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -257,6 +257,7 @@
      radicale = 234;
      hydra-queue-runner = 235;
      hydra-www = 236;
+      syncthing = 237;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

@ -485,6 +486,7 @@
      pdnsd = 229;
      octoprint = 230;
      radicale = 234;
+      syncthing = 237;

      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@ -5,6 +5,7 @@ with lib;
 let

  cfg = config.services.syncthing;
+  defaultUser = "syncthing";

 in

@ -17,6 +18,7 @@ in
    services.syncthing = {

      enable = mkOption {
+        type = types.bool;
        default = false;
        description = ''
          Whether to enable the Syncthing, self-hosted open-source alternative
@ -26,7 +28,8 @@ in
      };

      user = mkOption {
-        default = "syncthing";
+        type = types.string;
+        default = defaultUser;
        description = ''
          Syncthing will be run under this user (user must exist,
          this can be your user name).
@ -34,8 +37,8 @@ in
      };

      all_proxy = mkOption {
-        type = types.string;
-        default = "";
+        type = types.nullOr types.string;
+        default = null;
        example = "socks5://address.com:1234";
        description = ''
          Overwrites all_proxy environment variable for the syncthing process to
@ -45,6 +48,7 @@ in
      };

      dataDir = mkOption {
+        type = types.path;
        default = "/var/lib/syncthing";
        description = ''
          Path where the settings and keys will exist.
@ -71,20 +75,33 @@ in

  config = mkIf cfg.enable {

+    users = mkIf (cfg.user == defaultUser) {
+      extraUsers."${defaultUser}" =
+        { group = defaultUser;
+          home  = cfg.dataDir;
+          createHome = true;
+          uid = config.ids.uids.syncthing;
+          description = "Syncthing daemon user";
+        };
+
+      extraGroups."${defaultUser}".gid =
+        config.ids.gids.syncthing;
+    };
+
    systemd.services.syncthing =
      {
        description = "Syncthing service";
-        after = [ "network.target" ];
+        after    = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        environment = {
          STNORESTART = "yes";  # do not self-restart
          STNOUPGRADE = "yes";
-        } //
-        (config.networking.proxy.envVars) //
-        (if cfg.all_proxy != "" then { all_proxy = cfg.all_proxy; } else {});
+          inherit (cfg) all_proxy;
+        } // config.networking.proxy.envVars;

        serviceConfig = {
-          User = "${cfg.user}";
+          User  = cfg.user;
+          Group = optionalString (cfg.user == defaultUser) defaultUser;
          PermissionsStartOnly = true;
          Restart = "on-failure";
          ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}";