recurring-donations: Run under recurring-donations user

nixbitcoin 2020-05-03 17:31:50 +02:00
parent 5d01ea7101
commit b8e10afe18
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA


@ -78,6 +78,13 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users.recurring-donations = {
description = "recurring-donations User";
group = "recurring-donations";
extraGroups = [ "clightning" ];
};
users.groups.recurring-donations = {};
systemd.services.recurring-donations = { systemd.services.recurring-donations = {
description = "Run recurring-donations"; description = "Run recurring-donations";
requires = [ "clightning.service" ]; requires = [ "clightning.service" ];
@ -85,9 +92,7 @@ in {
path = with pkgs; [ nix-bitcoin.clightning curl torsocks sudo jq ]; path = with pkgs; [ nix-bitcoin.clightning curl torsocks sudo jq ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.bash}/bin/bash ${recurring-donations-script}"; ExecStart = "${pkgs.bash}/bin/bash ${recurring-donations-script}";
# TODO: would be better if this was operator, but I don't get sudo User = "recurring-donations";
# working inside the shell script
User = "clightning";
Type = "oneshot"; Type = "oneshot";
} // nix-bitcoin-services.defaultHardening } // nix-bitcoin-services.defaultHardening
// nix-bitcoin-services.allowTor; // nix-bitcoin-services.allowTor;
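Review bot: `sudo` is still listed in the unit's `path` even though the service no longer runs as `clightning` and the TODO about getting sudo to work in the script has been removed. If the script (not visible here) never calls it, drop it so the dedicated user has no privilege-escalation helper on its PATH: `path = with pkgs; [ nix-bitcoin.clightning curl torsocks jq ];`. Separately, the new `recurring-donations` user reaches lightningd only through `extraGroups = [ "clightning" ]`, so its effective access is whatever the clightning data directory grants to that group. I would add a comment such as `# clightning group: needed only for access to the lightning-rpc socket` and confirm that group permissions there do not also expose key material such as `hsm_secret`. The `config` block continues outside the hunks shown.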