diff options
| author | Kjetil Ørbekk <kj@orbekk.com> | 2018-08-23 19:51:28 -0400 |
|---|---|---|
| committer | Kjetil Ørbekk <kj@orbekk.com> | 2018-08-23 19:51:28 -0400 |
| commit | ec8751941bbc81ad5b8512086a8f95f09611dbe2 (patch) | |
| tree | a9d47c8a5d7f5ceab0803e43b57027f5ac611f60 /config/users.nix | |
| parent | f12affb4f352b5bb8911d69a2d70ddb1660a2b93 (diff) | |
Add readonly user
Diffstat (limited to 'config/users.nix')
| -rw-r--r-- | config/users.nix | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/config/users.nix b/config/users.nix index 0eb7dcb..c6acbe8 100644 --- a/config/users.nix +++ b/config/users.nix @@ -9,13 +9,17 @@ in { home = "/home/orbekk"; uid = 1000; description = "KJ"; - extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd"]; + extraGroups = ["wheel" "networkmanager" "dialout" "uucp" "audio" "plugdev" "lxd" "readonly"]; openssh.authorizedKeys.keyFiles = [ ../data/pincer_rsa.pub ../data/yubikey_rsa.pub ]; }; - fcgi = { name = "fcgi"; group = "fcgi"; uid = 500; }; + fcgi = { + group = "fcgi"; + extraGroups = ["readonly"]; + uid = 500; + }; systemhttpd = { name = "systemhttpd"; group = "systemhttpd"; @@ -44,6 +48,19 @@ in { uid = 505; home = "/var/lib/terraria"; }; + readonly = { + group = "readonly"; + createHome = false; + uid = 506; + useDefaultShell = true; + home = "/storage"; + }; + mpd = lib.optionalAttrs config.services.mpd.enable { + extraGroups = ["readonly"]; + }; + nginx = lib.optionalAttrs config.services.nginx.enable { + extraGroups = ["readonly"]; + }; }; extraGroups = { fcgi = { name = "fcgi"; gid = 500; }; @@ -52,6 +69,7 @@ in { linoquotes = { name = "linoquotes"; gid = 503; }; stats = { name = "stats"; gid = 504; }; terraria = { name = "terraria"; gid = 505; }; + readonly = { gid = 506; }; }; }; } |