From 231187490dde7371a2ec30b11e5ebe69c62f7eff Mon Sep 17 00:00:00 2001 From: Richard Warfield Date: Mon, 1 Apr 2024 11:34:01 +0700 Subject: [PATCH] Add user, group, and extraServiceConfig to erigon module --- modules/erigon/default.nix | 12 +++++++++++- modules/erigon/options.nix | 18 ++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/modules/erigon/default.nix b/modules/erigon/default.nix index 3f55f8ad..20e531d2 100644 --- a/modules/erigon/default.nix +++ b/modules/erigon/default.nix @@ -116,7 +116,6 @@ in { serviceConfig = mkMerge [ baseServiceConfig { - User = serviceName; StateDirectory = serviceName; ExecStartPre = mkIf (cfg.subVolume && cfg.args.datadir == null) (mkBefore [ @@ -126,9 +125,20 @@ in { ReadWritePaths = mkIf (cfg.args.datadir != null) cfg.args.datadir; } + (mkIf (cfg.user == null) { + User = serviceName; + }) + (mkIf (cfg.user != null) { + DynamicUser = false; + User = cfg.user; + }) + (mkIf (cfg.group != null) { + Group = cfg.group; + }) (mkIf (cfg.args.authrpc.jwtsecret != null) { LoadCredential = ["jwt-secret:${cfg.args.authrpc.jwtsecret}"]; }) + cfg.extraServiceConfig ]; }) ) diff --git a/modules/erigon/options.nix b/modules/erigon/options.nix index ee5eb74d..f1f723c7 100644 --- a/modules/erigon/options.nix +++ b/modules/erigon/options.nix @@ -39,6 +39,24 @@ default = false; description = lib.mdDoc "Open ports in the firewall for any enabled networking services"; }; + + user = mkOption { + type = types.nullOr types.str; + default = null; + description = mdDoc "User to run the systemd service."; + }; + + group = mkOption { + type = types.nullOr types.str; + default = null; + description = mdDoc "Primary group for the systemd service."; + }; + + extraServiceConfig = mkOption { + type = types.attrsOf types.str; + default = {}; + description = mdDoc "Extra settings for the systemd [Service] stanza."; + }; }; }; in {