tv ejabberd: sudo -u ejabberd ejabberdctl

author: tv <tv@krebsco.de> 2017-10-03 23:58:25 +0200
committer: tv <tv@krebsco.de> 2017-10-03 23:58:25 +0200
commit: 2d79fb5a5b05942d325afc2f629cf7f8d790b336 (patch)
tree: f4ac7c814029d08c3936f44c267e11ad9cd99b5b /tv/3modules
parent: aa0a70d82db4b0e3a48723c4006021efc141de6e (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 3699288..e99b94f 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -72,7 +72,21 @@ in {
     };
   };
   config = lib.mkIf cfg.enable {
-    environment.systemPackages = [ cfg.pkgs.ejabberd ];
+    environment.systemPackages = [
+      (pkgs.symlinkJoin {
+        name = "ejabberd-sudo-wrapper";
+        paths = [
+          (pkgs.writeDashBin "ejabberdctl" ''
+            set -efu
+            cd ${shell.escape cfg.user.home}
+            exec /run/wrappers/bin/sudo \
+                -u ${shell.escape cfg.user.name} \
+                ${cfg.pkgs.ejabberd}/bin/ejabberdctl "$@"
+          '')
+          cfg.pkgs.ejabberd
+        ];
+      })
+    ];
 
     krebs.secret.files = {
       ejabberd-certfile = cfg.certfile;
author	tv <tv@krebsco.de>	2017-10-03 23:58:25 +0200
committer	tv <tv@krebsco.de>	2017-10-03 23:58:25 +0200
commit	2d79fb5a5b05942d325afc2f629cf7f8d790b336 (patch)
tree	f4ac7c814029d08c3936f44c267e11ad9cd99b5b /tv/3modules
parent	aa0a70d82db4b0e3a48723c4006021efc141de6e (diff)