nixos/gns3-server: disable SystemD DisableUser

Usage of DynamicUser is compatible with SUID wrappers. GNS3 needs to call ubridge via its SUID Wrapper to work.
NixOS · Sep 22, 2024 · 760ba64 · 760ba64
1 parent 389164f
commit 760ba64
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/nixos/modules/services/networking/gns3-server.nix b/nixos/modules/services/networking/gns3-server.nix
@@ -129,8 +129,15 @@ in {
       }
     ];
 
+    users.groups.gns3 = { };
+
     users.groups.ubridge = lib.mkIf cfg.ubridge.enable { };
 
+    users.users.gns3 = {
+      group = "gns3";
+      isSystemUser = true;
+    };
+
     security.wrappers.ubridge = lib.mkIf cfg.ubridge.enable {
       capabilities = "cap_net_raw,cap_net_admin=eip";
       group = "ubridge";
@@ -206,7 +213,6 @@ in {
       serviceConfig = {
         ConfigurationDirectory = "gns3";
         ConfigurationDirectoryMode = "0750";
-        DynamicUser = true;
         Environment = "HOME=%S/gns3";
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
         ExecStart = "${lib.getExe cfg.package} ${commandArgs}";