diff options
author | Katharina Fey <kookie@spacekookie.de> | 2020-03-24 10:15:32 +0100 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2020-03-24 10:15:32 +0100 |
commit | 96f063dd321abc80ecaa156226cfb7cf9540315a (patch) | |
tree | 7a53ef61484fc7bfff6419b1fd635c67199f27d2 /nixpkgs/nixos/modules/services/networking/haproxy.nix | |
parent | af58f08d3d524e7b008b73a8497ea710915ffaf1 (diff) | |
parent | d96bd3394b734487d1c3bfbac0e8f17465e03afe (diff) |
Merge commit 'd96bd3394b734487d1c3bfbac0e8f17465e03afe'
Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/haproxy.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/haproxy.nix | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/haproxy.nix b/nixpkgs/nixos/modules/services/networking/haproxy.nix index aff71e5e97d..4678829986c 100644 --- a/nixpkgs/nixos/modules/services/networking/haproxy.nix +++ b/nixpkgs/nixos/modules/services/networking/haproxy.nix @@ -26,6 +26,18 @@ with lib; ''; }; + user = mkOption { + type = types.str; + default = "haproxy"; + description = "User account under which haproxy runs."; + }; + + group = mkOption { + type = types.str; + default = "haproxy"; + description = "Group account under which haproxy runs."; + }; + config = mkOption { type = types.nullOr types.lines; default = null; @@ -49,7 +61,8 @@ with lib; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - DynamicUser = true; + User = cfg.user; + Group = cfg.group; Type = "notify"; # when running the config test, don't be quiet so we can see what goes wrong ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -f ${haproxyCfg}"; @@ -60,5 +73,16 @@ with lib; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; }; }; + + users.users = optionalAttrs (cfg.user == "haproxy") { + haproxy = { + group = cfg.group; + isSystemUser = true; + }; + }; + + users.groups = optionalAttrs (cfg.group == "haproxy") { + haproxy = {}; + }; }; } |