diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-12-05 12:27:51 +0100 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-12-05 13:37:08 +0100 |
commit | 3dcdc2d2b054933a5812411c44a11bb4114b309e (patch) | |
tree | 738e7a286c5e60a178c5bfa7f287d823c2a8ff5c /nixos/modules/services/networking/privoxy.nix | |
parent | ad88f1040e2556ba678afb33dac28387ddd3543a (diff) | |
download | nixpkgs-3dcdc2d2b054933a5812411c44a11bb4114b309e.tar nixpkgs-3dcdc2d2b054933a5812411c44a11bb4114b309e.tar.gz nixpkgs-3dcdc2d2b054933a5812411c44a11bb4114b309e.tar.bz2 nixpkgs-3dcdc2d2b054933a5812411c44a11bb4114b309e.tar.lz nixpkgs-3dcdc2d2b054933a5812411c44a11bb4114b309e.tar.xz nixpkgs-3dcdc2d2b054933a5812411c44a11bb4114b309e.tar.zst nixpkgs-3dcdc2d2b054933a5812411c44a11bb4114b309e.zip |
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose. This frees up uid/gid 32
Diffstat (limited to 'nixos/modules/services/networking/privoxy.nix')
-rw-r--r-- | nixos/modules/services/networking/privoxy.nix | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix index e74fe44d76e..49ca839a2c3 100644 --- a/nixos/modules/services/networking/privoxy.nix +++ b/nixos/modules/services/networking/privoxy.nix @@ -6,8 +6,6 @@ let inherit (pkgs) privoxy; - privoxyUser = "privoxy"; - cfg = config.services.privoxy; confFile = pkgs.writeText "privoxy.conf" '' @@ -88,18 +86,20 @@ in ###### implementation config = mkIf cfg.enable { - - users.extraUsers = singleton - { name = privoxyUser; - uid = config.ids.uids.privoxy; - description = "Privoxy daemon user"; - }; + + users.users.privoxy = { + isSystemUser = true; + home = "/var/empty"; + group = "privoxy"; + }; + + users.groups.privoxy = {}; systemd.services.privoxy = { description = "Filtering web proxy"; after = [ "network.target" "nss-lookup.target" ]; wantedBy = [ "multi-user.target" ]; - serviceConfig.ExecStart = "${privoxy}/sbin/privoxy --no-daemon --user ${privoxyUser} ${confFile}"; + serviceConfig.ExecStart = "${privoxy}/bin/privoxy --no-daemon --user privoxy ${confFile}"; serviceConfig.PrivateDevices = true; serviceConfig.PrivateTmp = true; |