freun-dev: fix hastebin

2025-02-20 11:08:48 +02:00
parent 208d566e14
commit 484d68c776
2 changed files with 20 additions and 1 deletions
--- a/hosts/freun-dev/secrets.nix
+++ b/hosts/freun-dev/secrets.nix
@@ -4,7 +4,6 @@
    (
      map (secret: { name = secret; value = { file = ../../secrets/${secret}.age; }; }) [
        "gotosocial"
-        "hastebin-tokens"
        "immich"
        "readeck"
        "storage-box-credentials"
@@ -23,5 +22,13 @@
        else
          "root";
    };
+    hastebin-tokens = {
+      file = ../../secrets/hastebin-tokens.age;
+      owner =
+        if (config.services.hastebin.enable) then
+          config.users.users.hastebin.name
+        else
+          "root";
+    };
  };
 }
--- a/modules/services/hastebin.nix
+++ b/modules/services/hastebin.nix
@@ -37,6 +37,18 @@ in
      auth_tokens_file = secrets.hastebin-tokens.path;
    };

+    users.users.hastebin = {
+      isSystemUser = true;
+      group = "hastebin";
+    };
+
+    users.groups.hastebin = { };
+
+    systemd.services.hastebin.serviceConfig = {
+      DynamicUser = lib.mkForce false;
+      User = "hastebin";
+    };
+
    services.webserver = {
      enable = lib.mkDefault true;
      vHosts.${fqdn} = {