summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2017-10-03 23:58:25 +0200
committertv <tv@krebsco.de>2017-10-03 23:58:25 +0200
commit0b7a41523149538b441bf385a36e7ed6d74f9207 (patch)
tree2fe81389e965dc67263e83f91eaab7e10ec708d1
parent7e5bfd450fc4acd456639965894b76f75dc95b35 (diff)
tv ejabberd: sudo -u ejabberd ejabberdctl
-rw-r--r--tv/3modules/ejabberd/default.nix16
1 files changed, 15 insertions, 1 deletions
diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix
index 36992883b..e99b94ff9 100644
--- a/tv/3modules/ejabberd/default.nix
+++ b/tv/3modules/ejabberd/default.nix
@@ -72,7 +72,21 @@ in {
};
};
config = lib.mkIf cfg.enable {
- environment.systemPackages = [ cfg.pkgs.ejabberd ];
+ environment.systemPackages = [
+ (pkgs.symlinkJoin {
+ name = "ejabberd-sudo-wrapper";
+ paths = [
+ (pkgs.writeDashBin "ejabberdctl" ''
+ set -efu
+ cd ${shell.escape cfg.user.home}
+ exec /run/wrappers/bin/sudo \
+ -u ${shell.escape cfg.user.name} \
+ ${cfg.pkgs.ejabberd}/bin/ejabberdctl "$@"
+ '')
+ cfg.pkgs.ejabberd
+ ];
+ })
+ ];
krebs.secret.files = {
ejabberd-certfile = cfg.certfile;