nix/machines
1
0
Fork 0
Code Issues Releases Packages Activity Actions

Change set unix user command to service
All checks were successful
/ dev-shell (push) Successful in 29s
Details
/ rust-packages (push) Successful in 36s
Details
/ terraform-providers (push) Successful in 32s
Details
/ check (push) Successful in 1m10s
Details
/ systems (push) Successful in 3m33s
Details

Browse source
This commit is contained in:
Kaare Hoff Skovgaard 2025-07-19 22:41:55 +02:00
parent 16cd4f241e
commit 293dbdab94
Signed by: khs
GPG key ID: C7D890804F01E9F0
1 changed files with 15 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

17
nix/modules/nixos/infrastructure/vault-server-approle/unix-user.nix
View file

@ -6,7 +6,8 @@
}:
let
cfg = config.khscodes.infrastructure.vault-server-approle;
userExists = username: (builtins.hasAttr username config.users.users) && config.users.users.enable;
userExists =
username: (builtins.hasAttr username config.users.users) && config.users.users.khs.enable;
setKhsPassword = pkgs.writeShellApplication {
name = "set-khs-password";
runtimeInputs = [
@ -37,8 +38,20 @@ in
perms = "0600";
owner = "root";
group = "root";
exec = lib.getExe setKhsPassword;
restartUnits = [ "set-khs-password.service" ];
}
];
systemd.services.set-khs-password = {
enable = true;
unitConfig = {
ConditionPathExists = "/run/unix-users/khs";
};
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
ExecStart = lib.getExe setKhsPassword;
};
};
};
}