Revert "module.nix: run as root"

This reverts commit 621016bd9c.
2020-06-22 17:17:27 +02:00 · 2020-06-22 17:17:27 +02:00 · 2b8d5529f7
parent f4f76f888e
commit 2b8d5529f7
3 changed files with 24 additions and 6 deletions
--- a/cygpio/cygpio.pyx
+++ b/cygpio/cygpio.pyx
@ -52,7 +52,7 @@ cdef class CythonRaspiBackend(object):
        self.tx_pin = tx_pin

    cpdef open(self):
-        # Enable startup debug
+        # Enable full on debug
        gpioCfgSetInternals(gpioCfgGetInternals() | 8);

        # Force usage of non-mailbox DMA
--- a/default.nix
+++ b/default.nix
@ -94,17 +94,15 @@ in with upstream; let
  pigpio = stdenv.mkDerivation rec {
    pname = "pigpio";
    version = "74-q3k";
-    buildFlags = [ "STRIPLIB=echo" "STRIP=echo" "CFLAGS=-g" ];
    installFlags = [ "DESTDIR=$(out)" "prefix=" ];

    src = pkgs.fetchFromGitHub {
      owner = "q3k";
      repo = "pigpio";
-      rev = "fa8c3ec41cb70da4d1868caec655d5f7d474573f";
-      sha256 = "0shd2p1w8k0iz7v5j81w8hw6hy67zxd6r4mvz2xflabiwblr5zi3";
+      rev = "5a0b27c997631b3ba1a7778a176b6f5462233be4";
+      sha256 = "1b55bzfsyghd2lrfqmz6g935zsmwnhbcscb4g11hxm3g7a68g9vv";
    };

-    dontStrip = true;
    propagatedBuildInputs = [ raspberrypi-tools ];
  };

--- a/module.nix
+++ b/module.nix
@ -5,6 +5,9 @@ let

  cfg = config.services.bitvend;

+  bitvendUser = "bitvend";
+  bitvendGroup = "bitvend";
+
  bitvend = (import ./default.nix);
  cfgFile = pkgs.writeText "bitvend.cfg"
    ''
@ -55,6 +58,20 @@ in {
    };
  };
  config = mkIf cfg.enable {
+    ids.uids.bitvend = 2137;
+    ids.gids.bitvend = 2137;
+
+    users.users.bitvend = {
+      name = bitvendUser;
+      group = bitvendGroup;
+      uid = config.ids.uids.bitvend;
+      description = "Bitvend daemon user";
+      home = cfg.stateDir;
+    };
+    users.groups.bitvend = {
+      name = bitvendGroup;
+      gid = config.ids.gids.bitvend;
+    };
    systemd.services.bitvend = {
      environment = {
        BITVEND_SETTINGS = cfgFile;
@ -63,9 +80,12 @@ in {
      script = ''
        ${bitvend}/bin/bitvend-run.py
      '';
+      serviceConfig = {
+        User = bitvendUser;
+      };
    };
    systemd.tmpfiles.rules = [
-      "d '${cfg.stateDir}' 0750 'root' 'root' - -"
+      "d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
    ];
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    services.nginx = {