nixos/stalwart-mail: do not use DynamicUser
This service stores a large number of files for its blob store and some of its databases. This is not compatible with `DynamicUser`, which `chown`s everything in the state directory every time the service is started. Therefore, we now use a static system user and group instead. See https://github.com/NixOS/nixpkgs/pull/313634#discussion_r1609960417
This commit is contained in:
parent
1777f06494
commit
6ee84bcda0
@ -48,6 +48,18 @@ in {
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# This service stores a potentially large amount of data.
|
||||||
|
# Running it as a dynamic user would force chown to be run everytime the
|
||||||
|
# service is restarted on a potentially large number of files.
|
||||||
|
# That would cause unnecessary and unwanted delays.
|
||||||
|
users = {
|
||||||
|
groups.stalwart-mail = { };
|
||||||
|
users.stalwart-mail = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "stalwart-mail";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.stalwart-mail = {
|
systemd.services.stalwart-mail = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "local-fs.target" "network.target" ];
|
after = [ "local-fs.target" "network.target" ];
|
||||||
@ -71,8 +83,8 @@ in {
|
|||||||
StandardError = "journal";
|
StandardError = "journal";
|
||||||
SyslogIdentifier = "stalwart-mail";
|
SyslogIdentifier = "stalwart-mail";
|
||||||
|
|
||||||
DynamicUser = true;
|
|
||||||
User = "stalwart-mail";
|
User = "stalwart-mail";
|
||||||
|
Group = "stalwart-mail";
|
||||||
StateDirectory = "stalwart-mail";
|
StateDirectory = "stalwart-mail";
|
||||||
|
|
||||||
# Bind standard privileged ports
|
# Bind standard privileged ports
|
||||||
|
Loading…
Reference in New Issue
Block a user