From 0b7a41523149538b441bf385a36e7ed6d74f9207 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 3 Oct 2017 23:58:25 +0200 Subject: tv ejabberd: sudo -u ejabberd ejabberdctl --- tv/3modules/ejabberd/default.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'tv/3modules/ejabberd/default.nix') diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index 36992883b..e99b94ff9 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -72,7 +72,21 @@ in { }; }; config = lib.mkIf cfg.enable { - environment.systemPackages = [ cfg.pkgs.ejabberd ]; + environment.systemPackages = [ + (pkgs.symlinkJoin { + name = "ejabberd-sudo-wrapper"; + paths = [ + (pkgs.writeDashBin "ejabberdctl" '' + set -efu + cd ${shell.escape cfg.user.home} + exec /run/wrappers/bin/sudo \ + -u ${shell.escape cfg.user.name} \ + ${cfg.pkgs.ejabberd}/bin/ejabberdctl "$@" + '') + cfg.pkgs.ejabberd + ]; + }) + ]; krebs.secret.files = { ejabberd-certfile = cfg.certfile; -- cgit v1.2.3