services: set isSystemUser for service users

'isSystemUser' has to be explicitly set in NixOS 21.05. Previously, it was the implicit default.
2021-08-05 00:48:59 +02:00 · 2021-08-05 00:48:59 +02:00 · e44f78ebb8
parent 0ef66c920b
commit e44f78ebb8
10 changed files with 14 additions and 2 deletions
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@ -388,7 +388,10 @@ in {
      } // nbLib.allowLocalIPAddresses;
    };

-    users.users.${cfg.user}.group = cfg.group;
+    users.users.${cfg.user} = {
+      isSystemUser = true;
+      group = cfg.group;
+    };
    users.groups.${cfg.group} = {};
    users.groups.bitcoinrpc-public = {};
    nix-bitcoin.operator.groups = [ cfg.group ];
--- a/modules/btcpayserver.nix
+++ b/modules/btcpayserver.nix
@ -230,6 +230,7 @@ in {
    }; in self;

    users.users.${cfg.nbxplorer.user} = {
+      isSystemUser = true;
      group = cfg.nbxplorer.group;
      extraGroups = [ "bitcoinrpc-public" ]
                    ++ optional cfg.btcpayserver.lbtc cfg.liquidd.group;
@ -237,6 +238,7 @@ in {
    };
    users.groups.${cfg.nbxplorer.group} = {};
    users.users.${cfg.btcpayserver.user} = {
+      isSystemUser = true;
      group = cfg.btcpayserver.group;
      extraGroups = [ cfg.nbxplorer.group ]
                    ++ optional (cfg.btcpayserver.lightningBackend == "clightning") cfg.clightning.user;
--- a/modules/charge-lnd.nix
+++ b/modules/charge-lnd.nix
@ -133,8 +133,8 @@ in
    };

    users.users.${user} = {
-      group = group;
      isSystemUser = true;
+      group = group;
    };
    users.groups.${group} = {};
  };
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@ -140,6 +140,7 @@ in {
    };

    users.users.${cfg.user} = {
+      isSystemUser = true;
      group = cfg.group;
      extraGroups = [ "bitcoinrpc-public" ];
    };
--- a/modules/electrs.nix
+++ b/modules/electrs.nix
@ -106,6 +106,7 @@ in {
    };

    users.users.${cfg.user} = {
+      isSystemUser = true;
      group = cfg.group;
      extraGroups = [ "bitcoinrpc-public" ] ++ optionals cfg.high-memory [ bitcoind.user ];
    };
--- a/modules/joinmarket.nix
+++ b/modules/joinmarket.nix
@ -270,6 +270,7 @@ in {
    };

    users.users.${cfg.user} = {
+      isSystemUser = true;
      group = cfg.group;
      home = cfg.dataDir;
      # Allow access to the tor control socket, needed for payjoin onion service creation
--- a/modules/liquid.nix
+++ b/modules/liquid.nix
@ -240,6 +240,7 @@ in {
    };

    users.users.${cfg.user} = {
+      isSystemUser = true;
      group = cfg.group;
      extraGroups = [ "bitcoinrpc-public" ];
    };
--- a/modules/lnd.nix
+++ b/modules/lnd.nix
@ -263,6 +263,7 @@ in {
    };

    users.users.${cfg.user} = {
+      isSystemUser = true;
      group = cfg.group;
      extraGroups = [ "bitcoinrpc-public" ];
      home = cfg.dataDir; # lnd creates .lnd dir in HOME
--- a/modules/recurring-donations.nix
+++ b/modules/recurring-donations.nix
@ -97,6 +97,7 @@ in {
    };

    users.users.recurring-donations = {
+      isSystemUser = true;
      group = "recurring-donations";
      extraGroups = [ config.services.clightning.group ];
    };
--- a/modules/spark-wallet.nix
+++ b/modules/spark-wallet.nix
@ -65,6 +65,7 @@ in {
    services.clightning.enable = true;

    users.users.${cfg.user} = {
+      isSystemUser = true;
      group = cfg.group;
      extraGroups = [ config.services.clightning.group ];
    };