fix(module): disable dynamicuser again

2024-07-22 02:23:15 +02:00 · 2024-07-22 02:23:15 +02:00 · 8e3c7f0efc
commit 8e3c7f0efc
parent 2b485d822c
1 changed files with 3 additions and 2 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -127,6 +127,7 @@ in
  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ pkgs.tvix ];
    users.users.tvix-castore = { };
    users.groups.tvix-castore = { };
    systemd.tmpfiles.rules = [ "d ${cfg.castoreDir} 770 root tvix-castore -" ];
@ -143,7 +144,7 @@ in
            ExecStart = "${pkgs.tvix}/bin/tvix-store --otlp=false daemon --listen-address=\"${cache.grpcListenAddress}\"";
            StateDirectory = "tvix-daemon-${cache.name}";
            RuntimeDirectory = "tvix-daemon-${cache.name}";
-            DynamicUser = true;
+            User = "tvix-castore";
            Group = "tvix-castore";
            ReadWritePaths = cfg.castoreDir;
          } // systemdHardening;
@ -158,7 +159,7 @@ in
          serviceConfig = {
            UMask = "007";
            ExecStart = "${pkgs.tvix}/bin/nar-bridge --otlp=false --listen-address=\"${cache.narBridgeListenAddress}\"";
-            DynamicUser = true;
+            User = "tvix-castore";
            Group = "tvix-castore";
            RuntimeDirectory = "narbridge-${cache.name}";
            ReadWritePaths = cfg.castoreDir;