commit ee8f1d5e2cc47ab9b95a67dcb8d1ce18583e7e35
author vuko <vuko@hackerspace.pl> Sat Dec 31 01:04:42 2022 +0100
committer vuko <vuko@hackerspace.pl> Fri Mar 31 19:33:17 2023 +0000
tree ef4c11a58c126b5625603202727e25fd9177848a
parent 779727b39ef6f3f7f28522ce21e02b7a8b344ed5

hswaw/customs: disable DynamicUser for dhcpd / checkinator

Change-Id: I9c7feccf8eb908bf3808afb2ffc5adac50d7abd9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1455
Reviewed-by: q3k <q3k@hackerspace.pl>

hswaw/machines/customs.hackerspace.pl/configuration.nix

diff --git a/hswaw/machines/customs.hackerspace.pl/configuration.nix b/hswaw/machines/customs.hackerspace.pl/configuration.nix
index ce13373..6f880d2 100644
--- a/hswaw/machines/customs.hackerspace.pl/configuration.nix
+++ b/hswaw/machines/customs.hackerspace.pl/configuration.nix
@@ -316,10 +316,20 @@
 
   services.dhcpd4 = {
     enable = true;
-    configFile = ./dhcpd.conf;
+    configFile = "${./dhcpd.conf}";
     interfaces = ["lan"];
   };
 
+  # Checkinator needs access to leases file. When DynamicUser is enable this
+  # file is hidden in /var/lib/private
+  systemd.services.dhcpd4.serviceConfig.DynamicUser= pkgs.lib.mkForce false;
+  users.users.dhcpd = {
+    group = "dhcpd";
+    isSystemUser = true;
+    uid = 1005;
+  };
+  users.groups."dhcpd" = {};
+
   hscloud.routing = {
     enable = true;
     # TODO(q3k): make this optional in upstream