From 6197695dfb24f1ae3269359fb9e189b24fdd86a3 Mon Sep 17 00:00:00 2001
From: tzlil <tzlils@protonmail.com>
Date: Sun, 20 Aug 2023 15:30:07 +0300
Subject: fix dendrite, disable dhcpv6 dns servers

---
 hosts/vps/services/matrix.nix | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'hosts/vps/services/matrix.nix')

diff --git a/hosts/vps/services/matrix.nix b/hosts/vps/services/matrix.nix
index 005040f..af38f58 100644
--- a/hosts/vps/services/matrix.nix
+++ b/hosts/vps/services/matrix.nix
@@ -102,9 +102,17 @@
       ensureDatabases = ["dendrite"];
     };
 
+    users.groups.dendrite = {};
+    users.users.dendrite = {
+      isSystemUser = true;
+      description = "dendrite";
+      group = "dendrite";
+    };
     # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
-    # systemd.services.dendrite.serviceConfig.User = "dendrite";
-    # systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    systemd.services.dendrite.serviceConfig.User = "dendrite";
+    systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    systemd.services.dendrite.serviceConfig.DynamicUser = lib.mkForce "false";
+
     environment.persistence."/nix/persist".directories = [
       {
         directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
@@ -114,8 +122,8 @@
 
       {
         directory = "/var/lib/private/dendrite";
-        user = "root";
-        group = "root";
+        user = "dendrite";
+        group = "dendrite";
       }
     ];
 
-- 
cgit 1.4.1