titaniumtown/nixos
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

ddns-updater: disable DynamicUser to fix secret perms

Browse Source
This commit is contained in:
Simon Gardling
2026-04-09 20:47:04 -04:00
parent ce1c335230
commit 100999734b
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
services/ddns-updater.nix
View File

@@ -1,5 +1,6 @@
{
config,
lib,
...
}:
{
@@ -11,4 +12,16 @@
CONFIG_FILEPATH = config.age.secrets.ddns-updater-config.path;
};
};
users.users.ddns-updater = {
isSystemUser = true;
group = "ddns-updater";
};
users.groups.ddns-updater = { };
systemd.service.ddns-updater.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "ddns-updater";
Group = "ddns-updater";
};
}