summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPiotr Dobrowolski <admin@tastycode.pl>2020-06-22 17:17:27 +0200
committerPiotr Dobrowolski <admin@tastycode.pl>2020-06-22 17:17:27 +0200
commit2b8d5529f762d74fbd4d8093a4f1b184c07d7d25 (patch)
tree485d3d7e2f38dd7bca3b07bcc1b9397e7c4a3882
parentf4f76f888ea40c27b47d9db118dc5e53689f4e00 (diff)
downloadbitvend-2b8d5529f762d74fbd4d8093a4f1b184c07d7d25.tar.gz
bitvend-2b8d5529f762d74fbd4d8093a4f1b184c07d7d25.tar.bz2
bitvend-2b8d5529f762d74fbd4d8093a4f1b184c07d7d25.tar.xz
bitvend-2b8d5529f762d74fbd4d8093a4f1b184c07d7d25.zip
Revert "module.nix: run as root"
This reverts commit 621016bd9c16d64b4d51a6cb7a87e390d510508f.
-rw-r--r--cygpio/cygpio.pyx2
-rw-r--r--default.nix6
-rw-r--r--module.nix22
3 files changed, 24 insertions, 6 deletions
diff --git a/cygpio/cygpio.pyx b/cygpio/cygpio.pyx
index 4c689e3..dd0a931 100644
--- a/cygpio/cygpio.pyx
+++ b/cygpio/cygpio.pyx
@@ -52,7 +52,7 @@ cdef class CythonRaspiBackend(object):
self.tx_pin = tx_pin
cpdef open(self):
- # Enable startup debug
+ # Enable full on debug
gpioCfgSetInternals(gpioCfgGetInternals() | 8);
# Force usage of non-mailbox DMA
diff --git a/default.nix b/default.nix
index de8951b..b83484f 100644
--- a/default.nix
+++ b/default.nix
@@ -94,17 +94,15 @@ in with upstream; let
pigpio = stdenv.mkDerivation rec {
pname = "pigpio";
version = "74-q3k";
- buildFlags = [ "STRIPLIB=echo" "STRIP=echo" "CFLAGS=-g" ];
installFlags = [ "DESTDIR=$(out)" "prefix=" ];
src = pkgs.fetchFromGitHub {
owner = "q3k";
repo = "pigpio";
- rev = "fa8c3ec41cb70da4d1868caec655d5f7d474573f";
- sha256 = "0shd2p1w8k0iz7v5j81w8hw6hy67zxd6r4mvz2xflabiwblr5zi3";
+ rev = "5a0b27c997631b3ba1a7778a176b6f5462233be4";
+ sha256 = "1b55bzfsyghd2lrfqmz6g935zsmwnhbcscb4g11hxm3g7a68g9vv";
};
- dontStrip = true;
propagatedBuildInputs = [ raspberrypi-tools ];
};
diff --git a/module.nix b/module.nix
index bdfd06e..b8149f5 100644
--- a/module.nix
+++ b/module.nix
@@ -5,6 +5,9 @@ let
cfg = config.services.bitvend;
+ bitvendUser = "bitvend";
+ bitvendGroup = "bitvend";
+
bitvend = (import ./default.nix);
cfgFile = pkgs.writeText "bitvend.cfg"
''
@@ -55,6 +58,20 @@ in {
};
};
config = mkIf cfg.enable {
+ ids.uids.bitvend = 2137;
+ ids.gids.bitvend = 2137;
+
+ users.users.bitvend = {
+ name = bitvendUser;
+ group = bitvendGroup;
+ uid = config.ids.uids.bitvend;
+ description = "Bitvend daemon user";
+ home = cfg.stateDir;
+ };
+ users.groups.bitvend = {
+ name = bitvendGroup;
+ gid = config.ids.gids.bitvend;
+ };
systemd.services.bitvend = {
environment = {
BITVEND_SETTINGS = cfgFile;
@@ -63,9 +80,12 @@ in {
script = ''
${bitvend}/bin/bitvend-run.py
'';
+ serviceConfig = {
+ User = bitvendUser;
+ };
};
systemd.tmpfiles.rules = [
- "d '${cfg.stateDir}' 0750 'root' 'root' - -"
+ "d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {