From d6c08776ba620b7822bd0f0b8614a329ce8157e2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Sat, 12 Oct 2019 22:25:28 +0200 Subject: [PATCH] treewide: Switch to system users --- nixos/modules/programs/x2goserver.nix | 1 + nixos/modules/services/admin/oxidized.nix | 1 + nixos/modules/services/audio/jack.nix | 1 + nixos/modules/services/backup/automysqlbackup.nix | 5 ++++- nixos/modules/services/backup/borgbackup.nix | 2 +- .../services/continuous-integration/buildkite-agent.nix | 1 + nixos/modules/services/databases/redis.nix | 5 ++++- nixos/modules/services/databases/rethinkdb.nix | 1 + nixos/modules/services/editors/infinoted.nix | 1 + nixos/modules/services/hardware/trezord.nix | 1 + nixos/modules/services/hardware/usbmuxd.nix | 1 + nixos/modules/services/hardware/vdr.nix | 1 + nixos/modules/services/mail/mailhog.nix | 1 + nixos/modules/services/misc/airsonic.nix | 1 + nixos/modules/services/misc/docker-registry.nix | 6 ++++-- nixos/modules/services/misc/errbot.nix | 5 ++++- nixos/modules/services/misc/gitea.nix | 1 + nixos/modules/services/misc/gollum.nix | 1 + nixos/modules/services/misc/jellyfin.nix | 5 ++++- nixos/modules/services/misc/osrm.nix | 1 + nixos/modules/services/monitoring/collectd.nix | 1 + nixos/modules/services/monitoring/fusion-inventory.nix | 1 + nixos/modules/services/monitoring/netdata.nix | 1 + nixos/modules/services/monitoring/zabbix-agent.nix | 1 + nixos/modules/services/networking/bitcoind.nix | 1 + nixos/modules/services/networking/dnscache.nix | 2 +- nixos/modules/services/networking/dnscrypt-wrapper.nix | 1 + nixos/modules/services/networking/hans.nix | 1 + nixos/modules/services/networking/matterbridge.nix | 1 + nixos/modules/services/networking/morty.nix | 1 + nixos/modules/services/networking/nghttpx/default.nix | 1 + nixos/modules/services/networking/owamp.nix | 1 + nixos/modules/services/networking/thelounge.nix | 1 + nixos/modules/services/networking/tinydns.nix | 2 +- nixos/modules/services/scheduling/marathon.nix | 2 +- nixos/modules/services/security/bitwarden_rs/default.nix 
| 5 ++++- nixos/modules/services/security/oauth2_proxy.nix | 1 + nixos/modules/services/torrent/magnetico.nix | 1 + nixos/modules/services/web-apps/codimd.nix | 1 + nixos/modules/services/web-apps/frab.nix | 1 + nixos/modules/services/web-apps/limesurvey.nix | 5 ++++- nixos/modules/services/web-apps/mediawiki.nix | 5 ++++- nixos/modules/services/web-apps/moodle.nix | 6 ++++-- nixos/modules/services/web-apps/virtlyst.nix | 1 + nixos/modules/services/web-apps/wordpress.nix | 5 ++++- nixos/modules/services/web-servers/hitch/default.nix | 5 ++++- nixos/modules/services/web-servers/traefik.nix | 1 + nixos/modules/services/web-servers/unit/default.nix | 1 + 48 files changed, 81 insertions(+), 17 deletions(-) diff --git a/nixos/modules/programs/x2goserver.nix b/nixos/modules/programs/x2goserver.nix index 77a1a0da7993..7d74231e956b 100644 --- a/nixos/modules/programs/x2goserver.nix +++ b/nixos/modules/programs/x2goserver.nix @@ -69,6 +69,7 @@ in { users.users.x2go = { home = "/var/lib/x2go/db"; group = "x2go"; + isSystemUser = true; }; security.wrappers.x2gosqliteWrapper = { diff --git a/nixos/modules/services/admin/oxidized.nix b/nixos/modules/services/admin/oxidized.nix index 39112c3970d5..da81be3f23e8 100644 --- a/nixos/modules/services/admin/oxidized.nix +++ b/nixos/modules/services/admin/oxidized.nix @@ -89,6 +89,7 @@ in group = cfg.group; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; systemd.services.oxidized = { diff --git a/nixos/modules/services/audio/jack.nix b/nixos/modules/services/audio/jack.nix index aa3351f401af..ceff366d0bbb 100644 --- a/nixos/modules/services/audio/jack.nix +++ b/nixos/modules/services/audio/jack.nix @@ -223,6 +223,7 @@ in { group = "jackaudio"; extraGroups = [ "audio" ]; description = "JACK Audio system service user"; + isSystemUser = true; }; # http://jackaudio.org/faq/linux_rt_config.html security.pam.loginLimits = [ 
diff --git a/nixos/modules/services/backup/automysqlbackup.nix b/nixos/modules/services/backup/automysqlbackup.nix index 1884f3536a97..e3a8d1f79934 100644 --- a/nixos/modules/services/backup/automysqlbackup.nix +++ b/nixos/modules/services/backup/automysqlbackup.nix @@ -99,7 +99,10 @@ in environment.systemPackages = [ pkg ]; - users.users.${user}.group = group; + users.users.${user} = { + group = group; + isSystemUser = true; + }; users.groups.${group} = { }; systemd.tmpfiles.rules = [ diff --git a/nixos/modules/services/backup/borgbackup.nix b/nixos/modules/services/backup/borgbackup.nix index 2ad116a7872a..9080f2a170ae 100644 --- a/nixos/modules/services/backup/borgbackup.nix +++ b/nixos/modules/services/backup/borgbackup.nix @@ -106,7 +106,7 @@ let nameValuePair "borgbackup-job-${name}" (stringAfter [ "users" ] ('' # Eensure that the home directory already exists # We can't assert createHome == true because that's not the case for root - cd "${config.users.users.${cfg.user}.home}" + cd "${config.users.users.${cfg.user}.home}" ${install} -d .config/borg ${install} -d .cache/borg '' + optionalString (isLocalPath cfg.repo) '' diff --git a/nixos/modules/services/continuous-integration/buildkite-agent.nix b/nixos/modules/services/continuous-integration/buildkite-agent.nix index 12cc3d2b1ccc..32f361454bc1 100644 --- a/nixos/modules/services/continuous-integration/buildkite-agent.nix +++ b/nixos/modules/services/continuous-integration/buildkite-agent.nix @@ -191,6 +191,7 @@ in createHome = true; description = "Buildkite agent user"; extraGroups = [ "keys" ]; + isSystemUser = true; }; environment.systemPackages = [ cfg.package ]; diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 9c389d80a6df..df4e01fd98f5 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix 
@@ -194,7 +194,10 @@ in allowedTCPPorts = [ cfg.port ]; }; - users.users.redis.description = "Redis database user"; + users.users.redis = { + description = "Redis database user"; + isSystemUser = true; + }; environment.systemPackages = [ cfg.package ]; diff --git a/nixos/modules/services/databases/rethinkdb.nix b/nixos/modules/services/databases/rethinkdb.nix index 4828e594b328..f18fbaf5b062 100644 --- a/nixos/modules/services/databases/rethinkdb.nix +++ b/nixos/modules/services/databases/rethinkdb.nix @@ -99,6 +99,7 @@ in users.users.rethinkdb = mkIf (cfg.user == "rethinkdb") { name = "rethinkdb"; description = "RethinkDB server user"; + isSystemUser = true; }; users.groups = optionalAttrs (cfg.group == "rethinkdb") (singleton diff --git a/nixos/modules/services/editors/infinoted.nix b/nixos/modules/services/editors/infinoted.nix index 9cc8d421270e..be3667616942 100644 --- a/nixos/modules/services/editors/infinoted.nix +++ b/nixos/modules/services/editors/infinoted.nix @@ -115,6 +115,7 @@ in { { name = "infinoted"; description = "Infinoted user"; group = cfg.group; + isSystemUser = true; }; users.groups = optional (cfg.group == "infinoted") { name = "infinoted"; diff --git a/nixos/modules/services/hardware/trezord.nix b/nixos/modules/services/hardware/trezord.nix index 62824ed7350a..f6931d0b51a1 100644 --- a/nixos/modules/services/hardware/trezord.nix +++ b/nixos/modules/services/hardware/trezord.nix @@ -74,6 +74,7 @@ in { users.users.trezord = { group = "trezord"; description = "Trezor bridge daemon user"; + isSystemUser = true; }; users.groups.trezord = {}; diff --git a/nixos/modules/services/hardware/usbmuxd.nix b/nixos/modules/services/hardware/usbmuxd.nix index 93ced0b9f04d..39bbcaf4627c 100644 --- a/nixos/modules/services/hardware/usbmuxd.nix +++ b/nixos/modules/services/hardware/usbmuxd.nix 
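Review bot: The new `users.users.redis` block sets no `group`, so the account keeps the users module's default group instead of one of its own. From memory that default is the shared `nogroup`, which would leave files the service creates group-owned by a group other daemons also use; worth confirming. Since the definition is being rewritten anyway, consider adding `group = "redis";` to the block plus `users.groups.redis = {};`, the pattern hitch.nix and errbot.nix follow in this patch. The same applies to the complete definitions visible for dnscache, tinydns, marathon, oauth2_proxy, magnetico and mailhog.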
@@ -47,6 +47,7 @@ in name = cfg.user; description = "usbmuxd user"; group = cfg.group; + isSystemUser = true; }; users.groups = optional (cfg.group == defaultUserGroup) { diff --git a/nixos/modules/services/hardware/vdr.nix b/nixos/modules/services/hardware/vdr.nix index 6e246f70f515..8a6cde51b06f 100644 --- a/nixos/modules/services/hardware/vdr.nix +++ b/nixos/modules/services/hardware/vdr.nix @@ -66,6 +66,7 @@ in { users.users.vdr = { group = "vdr"; home = libDir; + isSystemUser = true; }; users.groups.vdr = {}; diff --git a/nixos/modules/services/mail/mailhog.nix b/nixos/modules/services/mail/mailhog.nix index b78f4c8e0e66..0f998c6d0ea6 100644 --- a/nixos/modules/services/mail/mailhog.nix +++ b/nixos/modules/services/mail/mailhog.nix @@ -27,6 +27,7 @@ in { users.users.mailhog = { name = cfg.user; description = "MailHog service user"; + isSystemUser = true; }; systemd.services.mailhog = { diff --git a/nixos/modules/services/misc/airsonic.nix b/nixos/modules/services/misc/airsonic.nix index 919d3b2f6e64..c296e048cea4 100644 --- a/nixos/modules/services/misc/airsonic.nix +++ b/nixos/modules/services/misc/airsonic.nix @@ -148,6 +148,7 @@ in { name = cfg.user; home = cfg.home; createHome = true; + isSystemUser = true; }; }; } diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index c87607d2666a..89bac4f47d73 100644 --- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix @@ -145,11 +145,13 @@ in { }; users.users.docker-registry = - if cfg.storagePath != null + (if cfg.storagePath != null then { createHome = true; home = cfg.storagePath; } - else {}; + else {}) // { + isSystemUser = true; + }; }; } diff --git a/nixos/modules/services/misc/errbot.nix b/nixos/modules/services/misc/errbot.nix index 256adce2f02e..b447ba5d438d 100644 --- a/nixos/modules/services/misc/errbot.nix +++ b/nixos/modules/services/misc/errbot.nix 
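Review bot: Style point on the `users.users.docker-registry` value: wrapping the existing `if … then … else {}` in parentheses and appending `// { isSystemUser = true; }` is harder to read than stating the fixed attribute first and the optional ones after it. `{ isSystemUser = true; } // optionalAttrs (cfg.storagePath != null) { createHome = true; home = cfg.storagePath; }` expresses the same value, assuming `lib` is in scope here as it is in the other modules of this patch. The enclosing `config` block starts above the hunk.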
@@ -76,7 +76,10 @@ in { }; config = mkIf (cfg.instances != {}) { - users.users.errbot.group = "errbot"; + users.users.errbot = { + group = "errbot"; + isSystemUser = true; + }; users.groups.errbot = {}; systemd.services = mapAttrs' (name: instanceCfg: nameValuePair "errbot-${name}" ( diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index 4992b13c9d4a..c8c59fb256e8 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -409,6 +409,7 @@ in home = cfg.stateDir; useDefaultShell = true; group = "gitea"; + isSystemUser = true; }; }; diff --git a/nixos/modules/services/misc/gollum.nix b/nixos/modules/services/misc/gollum.nix index 7653b415bf09..f4a9c72b1545 100644 --- a/nixos/modules/services/misc/gollum.nix +++ b/nixos/modules/services/misc/gollum.nix @@ -71,6 +71,7 @@ in group = config.users.users.gollum.name; description = "Gollum user"; createHome = false; + isSystemUser = true; }; users.groups.gollum = { }; diff --git a/nixos/modules/services/misc/jellyfin.nix b/nixos/modules/services/misc/jellyfin.nix index 55559206568d..6ecdfb57dc35 100644 --- a/nixos/modules/services/misc/jellyfin.nix +++ b/nixos/modules/services/misc/jellyfin.nix @@ -41,7 +41,10 @@ in }; users.users = mkIf (cfg.user == "jellyfin") { - jellyfin.group = cfg.group; + jellyfin = { + group = cfg.group; + isSystemUser = true; + }; }; users.groups = mkIf (cfg.group == "jellyfin") { diff --git a/nixos/modules/services/misc/osrm.nix b/nixos/modules/services/misc/osrm.nix index f89f37ccd9df..79c347ab7e0e 100644 --- a/nixos/modules/services/misc/osrm.nix +++ b/nixos/modules/services/misc/osrm.nix @@ -59,6 +59,7 @@ in group = config.users.users.osrm.name; description = "OSRM user"; createHome = false; + isSystemUser = true; }; users.groups.osrm = { }; diff --git a/nixos/modules/services/monitoring/collectd.nix b/nixos/modules/services/monitoring/collectd.nix index 6a4c678eb21f..d4b605d62173 100644 
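Review bot: In gitea.nix the account is now flagged as a system user but keeps `useDefaultShell = true`, and nothing in the block says why a service account needs a login shell. A one-line comment above that attribute would help the next reader, for example `# login shell kept on purpose — presumably for git over SSH; confirm`. The attribute set starts above the hunk, so other settings that bear on this are not visible here.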
--- a/nixos/modules/services/monitoring/collectd.nix +++ b/nixos/modules/services/monitoring/collectd.nix @@ -98,6 +98,7 @@ in { users.users = optional (cfg.user == "collectd") { name = "collectd"; + isSystemUser = true; }; }; } diff --git a/nixos/modules/services/monitoring/fusion-inventory.nix b/nixos/modules/services/monitoring/fusion-inventory.nix index b90579bb70c7..fe19ed561954 100644 --- a/nixos/modules/services/monitoring/fusion-inventory.nix +++ b/nixos/modules/services/monitoring/fusion-inventory.nix @@ -49,6 +49,7 @@ in { users.users = singleton { name = "fusion-inventory"; description = "FusionInventory user"; + isSystemUser = true; }; systemd.services.fusion-inventory = { diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index 463b1b882acf..7d976db96300 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -181,6 +181,7 @@ in { users.users = optional (cfg.user == defaultUser) { name = defaultUser; + isSystemUser = true; }; users.groups = optional (cfg.group == defaultUser) { diff --git a/nixos/modules/services/monitoring/zabbix-agent.nix b/nixos/modules/services/monitoring/zabbix-agent.nix index 856b9432892b..b3383ed628b2 100644 --- a/nixos/modules/services/monitoring/zabbix-agent.nix +++ b/nixos/modules/services/monitoring/zabbix-agent.nix @@ -131,6 +131,7 @@ in users.users.${user} = { description = "Zabbix Agent daemon user"; inherit group; + isSystemUser = true; }; users.groups.${group} = { }; diff --git a/nixos/modules/services/networking/bitcoind.nix b/nixos/modules/services/networking/bitcoind.nix index 1439d739da9d..90f1291c0198 100644 --- a/nixos/modules/services/networking/bitcoind.nix +++ b/nixos/modules/services/networking/bitcoind.nix @@ -187,6 +187,7 @@ in { group = cfg.group; description = "Bitcoin daemon user"; home = cfg.dataDir; + isSystemUser = true; }; users.groups.${cfg.group} = { name = cfg.group; 
diff --git a/nixos/modules/services/networking/dnscache.nix b/nixos/modules/services/networking/dnscache.nix index 5051fc916d96..d123bca93219 100644 --- a/nixos/modules/services/networking/dnscache.nix +++ b/nixos/modules/services/networking/dnscache.nix @@ -84,7 +84,7 @@ in { config = mkIf config.services.dnscache.enable { environment.systemPackages = [ pkgs.djbdns ]; - users.users.dnscache = {}; + users.users.dnscache.isSystemUser = true; systemd.services.dnscache = { description = "djbdns dnscache server"; diff --git a/nixos/modules/services/networking/dnscrypt-wrapper.nix b/nixos/modules/services/networking/dnscrypt-wrapper.nix index bf13d5c6f5fe..79f9e1a43083 100644 --- a/nixos/modules/services/networking/dnscrypt-wrapper.nix +++ b/nixos/modules/services/networking/dnscrypt-wrapper.nix @@ -142,6 +142,7 @@ in { description = "dnscrypt-wrapper daemon user"; home = "${dataDir}"; createHome = true; + isSystemUser = true; }; users.groups.dnscrypt-wrapper = { }; diff --git a/nixos/modules/services/networking/hans.nix b/nixos/modules/services/networking/hans.nix index 20e57e4626ef..4f60300f5ff4 100644 --- a/nixos/modules/services/networking/hans.nix +++ b/nixos/modules/services/networking/hans.nix @@ -138,6 +138,7 @@ in users.users = singleton { name = hansUser; description = "Hans daemon user"; + isSystemUser = true; }; }; diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix index 1fd63348c16c..682eaa6eb297 100644 --- a/nixos/modules/services/networking/matterbridge.nix +++ b/nixos/modules/services/networking/matterbridge.nix @@ -95,6 +95,7 @@ in users.users = optional (cfg.user == "matterbridge") { name = "matterbridge"; group = "matterbridge"; + isSystemUser = true; }; users.groups = optional (cfg.group == "matterbridge") diff --git a/nixos/modules/services/networking/morty.nix b/nixos/modules/services/networking/morty.nix index 1b3084fe9abb..e3a6444c1163 100644 
--- a/nixos/modules/services/networking/morty.nix +++ b/nixos/modules/services/networking/morty.nix @@ -74,6 +74,7 @@ in { description = "Morty user"; createHome = true; home = "/var/lib/morty"; + isSystemUser = true; }; systemd.services.morty = diff --git a/nixos/modules/services/networking/nghttpx/default.nix b/nixos/modules/services/networking/nghttpx/default.nix index d6e1906e3881..881a2670f5db 100644 --- a/nixos/modules/services/networking/nghttpx/default.nix +++ b/nixos/modules/services/networking/nghttpx/default.nix @@ -96,6 +96,7 @@ in users.groups.nghttpx = { }; users.users.nghttpx = { group = config.users.groups.nghttpx.name; + isSystemUser = true; }; diff --git a/nixos/modules/services/networking/owamp.nix b/nixos/modules/services/networking/owamp.nix index 821a0258f4be..dbb2e3b4c409 100644 --- a/nixos/modules/services/networking/owamp.nix +++ b/nixos/modules/services/networking/owamp.nix @@ -21,6 +21,7 @@ in name = "owamp"; group = "owamp"; description = "Owamp daemon"; + isSystemUser = true; }; users.groups = singleton { diff --git a/nixos/modules/services/networking/thelounge.nix b/nixos/modules/services/networking/thelounge.nix index b1d23372955e..875d8f661697 100644 --- a/nixos/modules/services/networking/thelounge.nix +++ b/nixos/modules/services/networking/thelounge.nix @@ -56,6 +56,7 @@ in { users.users.thelounge = { description = "thelounge service user"; group = "thelounge"; + isSystemUser = true; }; users.groups.thelounge = {}; systemd.services.thelounge = { diff --git a/nixos/modules/services/networking/tinydns.nix b/nixos/modules/services/networking/tinydns.nix index 7d5db71601ef..7b2c464ab46b 100644 --- a/nixos/modules/services/networking/tinydns.nix +++ b/nixos/modules/services/networking/tinydns.nix 
@@ -32,7 +32,7 @@ with lib; config = mkIf config.services.tinydns.enable { environment.systemPackages = [ pkgs.djbdns ]; - users.users.tinydns = {}; + users.users.tinydns.isSystemUser = true; systemd.services.tinydns = { description = "djbdns tinydns server"; diff --git a/nixos/modules/services/scheduling/marathon.nix b/nixos/modules/services/scheduling/marathon.nix index 0961a67770e1..2e0d20c64b23 100644 --- a/nixos/modules/services/scheduling/marathon.nix +++ b/nixos/modules/services/scheduling/marathon.nix @@ -93,6 +93,6 @@ in { }; }; - users.users.${cfg.user} = { }; + users.users.${cfg.user}.isSystemUser = true; }; } diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix index 80fd65891ff8..d1817db07555 100644 --- a/nixos/modules/services/security/bitwarden_rs/default.nix +++ b/nixos/modules/services/security/bitwarden_rs/default.nix @@ -74,7 +74,10 @@ in { webVaultEnabled = mkDefault true; }; - users.users.bitwarden_rs = { inherit group; }; + users.users.bitwarden_rs = { + inherit group; + isSystemUser = true; + }; users.groups.bitwarden_rs = { }; systemd.services.bitwarden_rs = { diff --git a/nixos/modules/services/security/oauth2_proxy.nix b/nixos/modules/services/security/oauth2_proxy.nix index bb03f7fc9e43..2abb9ec32aca 100644 --- a/nixos/modules/services/security/oauth2_proxy.nix +++ b/nixos/modules/services/security/oauth2_proxy.nix @@ -546,6 +546,7 @@ in users.users.oauth2_proxy = { description = "OAuth2 Proxy"; + isSystemUser = true; }; systemd.services.oauth2_proxy = { diff --git a/nixos/modules/services/torrent/magnetico.nix b/nixos/modules/services/torrent/magnetico.nix index 02fa2ac0750a..a7acdb78b316 100644 --- a/nixos/modules/services/torrent/magnetico.nix +++ b/nixos/modules/services/torrent/magnetico.nix @@ -171,6 +171,7 @@ in { users.users.magnetico = { description = "Magnetico daemons user"; + isSystemUser = true; }; systemd.services.magneticod = { 
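Review bot: In marathon.nix, `users.users.${cfg.user}.isSystemUser = true;` is applied to whatever account name the option holds, with no guard. If `cfg.user` is pointed at an account declared elsewhere (for instance a normal user), this definition merges into that account, which is probably not what the admin intended. jellyfin.nix and rethinkdb.nix in this same patch only declare the account when the option still has its default, e.g. `mkIf (cfg.user == "jellyfin")`; the same guard on the module's default user name would fit here. The `name = cfg.user` blocks in mailhog.nix, airsonic.nix and frab.nix have the same shape. The option declaration for `cfg.user` lies outside the hunk, so its default is not visible.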
diff --git a/nixos/modules/services/web-apps/codimd.nix b/nixos/modules/services/web-apps/codimd.nix index 7ae7cd9c52d8..5f56f8ed5a09 100644 --- a/nixos/modules/services/web-apps/codimd.nix +++ b/nixos/modules/services/web-apps/codimd.nix @@ -893,6 +893,7 @@ in extraGroups = cfg.groups; home = cfg.workDir; createHome = true; + isSystemUser = true; }; systemd.services.codimd = { diff --git a/nixos/modules/services/web-apps/frab.nix b/nixos/modules/services/web-apps/frab.nix index 7914e5cc0ee1..a9a30b409220 100644 --- a/nixos/modules/services/web-apps/frab.nix +++ b/nixos/modules/services/web-apps/frab.nix @@ -177,6 +177,7 @@ in { name = cfg.user; group = cfg.group; home = "${cfg.statePath}"; + isSystemUser = true; } ]; diff --git a/nixos/modules/services/web-apps/limesurvey.nix b/nixos/modules/services/web-apps/limesurvey.nix index 68b57a9b90dd..bd524524130d 100644 --- a/nixos/modules/services/web-apps/limesurvey.nix +++ b/nixos/modules/services/web-apps/limesurvey.nix @@ -277,7 +277,10 @@ in systemd.services.httpd.after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; - users.users.${user}.group = group; + users.users.${user} = { + group = group; + isSystemUser = true; + }; }; } diff --git a/nixos/modules/services/web-apps/mediawiki.nix b/nixos/modules/services/web-apps/mediawiki.nix index ec2568bf952d..43edc04e1a49 100644 --- a/nixos/modules/services/web-apps/mediawiki.nix +++ b/nixos/modules/services/web-apps/mediawiki.nix @@ -461,7 +461,10 @@ in systemd.services.httpd.after = optional (cfg.database.createLocally && cfg.database.type == "mysql") "mysql.service"; - users.users.${user}.group = group; + users.users.${user} = { + group = group; + isSystemUser = true; + }; environment.systemPackages = [ mediawikiScripts ]; }; diff --git a/nixos/modules/services/web-apps/moodle.nix b/nixos/modules/services/web-apps/moodle.nix index 211bc17ee192..ac59f9e0012a 100644 --- a/nixos/modules/services/web-apps/moodle.nix 
+++ b/nixos/modules/services/web-apps/moodle.nix @@ -309,7 +309,9 @@ in systemd.services.httpd.after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; - users.users.${user}.group = group; - + users.users.${user} = { + group = group; + isSystemUser = true; + }; }; } diff --git a/nixos/modules/services/web-apps/virtlyst.nix b/nixos/modules/services/web-apps/virtlyst.nix index e5c0bff2168a..37bdbb0e3b42 100644 --- a/nixos/modules/services/web-apps/virtlyst.nix +++ b/nixos/modules/services/web-apps/virtlyst.nix @@ -54,6 +54,7 @@ in home = stateDir; createHome = true; group = mkIf config.virtualisation.libvirtd.enable "libvirtd"; + isSystemUser = true; }; systemd.services.virtlyst = { diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix index e311dd917dd0..f1370c2854b8 100644 --- a/nixos/modules/services/web-apps/wordpress.nix +++ b/nixos/modules/services/web-apps/wordpress.nix @@ -367,7 +367,10 @@ in }) ]; - users.users.${user}.group = group; + users.users.${user} = { + group = group; + isSystemUser = true; + }; }; } diff --git a/nixos/modules/services/web-servers/hitch/default.nix b/nixos/modules/services/web-servers/hitch/default.nix index a6c4cbea1225..1812f225b74d 100644 --- a/nixos/modules/services/web-servers/hitch/default.nix +++ b/nixos/modules/services/web-servers/hitch/default.nix @@ -102,7 +102,10 @@ with lib; environment.systemPackages = [ pkgs.hitch ]; - users.users.hitch.group = "hitch"; + users.users.hitch = { + group = "hitch"; + isSystemUser = true; + }; users.groups.hitch = {}; }; } diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index 8de7df0d446c..5b0fc467ea46 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix @@ -117,6 +117,7 @@ in { group = "traefik"; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; users.groups.traefik = {}; 
diff --git a/nixos/modules/services/web-servers/unit/default.nix b/nixos/modules/services/web-servers/unit/default.nix index a4a9d370d644..32f6d475b34e 100644 --- a/nixos/modules/services/web-servers/unit/default.nix +++ b/nixos/modules/services/web-servers/unit/default.nix @@ -116,6 +116,7 @@ in { users.users = optionalAttrs (cfg.user == "unit") (singleton { name = "unit"; group = cfg.group; + isSystemUser = true; }); users.groups = optionalAttrs (cfg.group == "unit") (singleton {