diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2020-12-12 09:29:40 +0100 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2021-07-18 08:51:17 +0200 |
| commit | ac7b8724b59974c0d74f2feacc4a2a787a5cf122 (patch) | |
| tree | 054235c04fe0a7e21a78d187a90dd49a5c41cf95 /nixos/modules | |
| parent | 2489eb5e4516aab575ab114b7e0a3e1b5c5daca7 (diff) | |
| download | nixpkgs-ac7b8724b59974c0d74f2feacc4a2a787a5cf122.tar nixpkgs-ac7b8724b59974c0d74f2feacc4a2a787a5cf122.tar.gz nixpkgs-ac7b8724b59974c0d74f2feacc4a2a787a5cf122.tar.bz2 nixpkgs-ac7b8724b59974c0d74f2feacc4a2a787a5cf122.tar.lz nixpkgs-ac7b8724b59974c0d74f2feacc4a2a787a5cf122.tar.xz nixpkgs-ac7b8724b59974c0d74f2feacc4a2a787a5cf122.tar.zst nixpkgs-ac7b8724b59974c0d74f2feacc4a2a787a5cf122.zip | |
nixos/nix-serve: don't run as nogroup
nogroup is insecure if shared
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/services/networking/nix-serve.nix | 8 |
2 files changed, 3 insertions, 7 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 2cbbbc522e1..858c7ee53db 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -229,7 +229,7 @@ in grafana = 196; skydns = 197; # ripple-rest = 198; # unused, removed 2017-08-12 - nix-serve = 199; + # nix-serve = 199; # unused, removed 2020-12-12 tvheadend = 200; uwsgi = 201; gitit = 202; diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index b17f35c769b..7fc145f2303 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -69,13 +69,9 @@ in ExecStart = "${pkgs.nix-serve}/bin/nix-serve " + "--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}"; User = "nix-serve"; - Group = "nogroup"; + Group = "nix-serve"; + DynamicUser = true; }; }; - - users.users.nix-serve = { - description = "Nix-serve user"; - uid = config.ids.uids.nix-serve; - }; }; } |