nixos/sslh: don't run as nogroup

See #55370
This commit is contained in:
Jörg Thalheim 2020-02-28 15:06:49 +00:00
parent 250daba4be
commit 9218a58964
No known key found for this signature in database
GPG Key ID: 003F2096411B5F92

View File

@ -77,19 +77,14 @@ in
config = mkMerge [
(mkIf cfg.enable {
users.users.${user} = {
description = "sslh daemon user";
isSystemUser = true;
};
systemd.services.sslh = {
description = "Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = user;
Group = "nogroup";
DynamicUser = true;
User = "sslh";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = "1s";