Merge pull request #61729 from worldofpeace/geoclue/no-root

nixos/geoclue2: don't run as root

nixos/modules/services/desktops/geoclue2.nix

@@ -188,6 +188,19 @@ in
 
     systemd.packages = [ package ];
 
+    users.users.geoclue = {
+      isSystemUser = true;
+      home = "/var/lib/geoclue";
+      group = "geoclue";
+      description = "Geoinformation service";
+    };
+
+    users.groups.geoclue = {};
+
+    systemd.tmpfiles.rules = [
+      "d /var/lib/geoclue 0755 geoclue geoclue"
+    ];
+
     # restart geoclue service when the configuration changes
     systemd.services."geoclue".restartTriggers = [
       config.environment.etc."geoclue/geoclue.conf".source

pkgs/development/libraries/geoclue/default.nix

@@ -42,6 +42,7 @@ stdenv.mkDerivation rec {
     "-Ddemo-agent=${if withDemoAgent then "true" else "false"}"
     "--sysconfdir=/etc"
     "-Dsysconfdir_install=${placeholder "out"}/etc"
+    "-Ddbus-srv-user=geoclue"
   ] ++ optionals stdenv.isDarwin [
     "-D3g-source=false"
     "-Dcdma-source=false"