ctucx.git: nixfiles

ctucx' nixfiles

commit 364008e649fab88b7dc68b6c0e14c71104e5c704
parent a1884384f476faeb9a69eea8ab14b2ef2ebe2aef
Author: Katja (ctucx) <git@ctu.cx>
Date: Tue, 25 Mar 2025 10:34:31 +0100

configurations/nixos/websites/flauschehorn.katja.wtf.nix: use dynamic-user
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/configurations/nixos/websites/flauschehorn.katja.wtf.nix b/configurations/nixos/websites/flauschehorn.katja.wtf.nix
@@ -4,13 +4,6 @@
 
   dns.zones."katja.wtf".subdomains.flauschehorn.CNAME = [ "${config.networking.fqdn}." ];
 
-  users.groups."flauschehorn" = {};
-  users.users."flauschehorn"  = {
-   isSystemUser = true;
-   home  = "/var/lib/flauschehorn";
-   group = config.systemd.services.flauschehornFetcher.serviceConfig.Group;
-  };
-
   systemd.services.flauschehornFetcher = {
     environment.DB_PATH = "/var/lib/flauschehorn/db.sqlite";
     startAt       = "*-*-* 3:00:00";

@@ -21,6 +14,8 @@
 
       ExecStart = "${pkgs.flauschehorn-sexy}/bin/mastofetch";
 
+
+      DynamicUser = true;
       User  = "flauschehorn";
       Group = "flauschehorn";
 
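Review bot: `DynamicUser = true` is added while `DB_PATH` still points at the fixed path `/var/lib/flauschehorn/db.sqlite`, and nothing visible in this hunk sets a `StateDirectory`. DynamicUser implies `ProtectSystem=strict`, so the unit can only write there if systemd manages the directory; if the part of `serviceConfig` outside the hunk does not already set it, add `StateDirectory = "flauschehorn";`. The data left by the removed static user should then be migrated under `/var/lib/private` and re-owned on first start, which is worth checking once after deploy. The added empty line before `DynamicUser` leaves two blank lines in a row and can be dropped. `serviceConfig` starts and ends outside the hunk.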

@@ -46,6 +41,8 @@
     };
   };
 
+  systemd.services.fcgiwrap-flauschehorn.serviceConfig.ReadOnlyPaths = config.systemd.services.flauschehornFetcher.environment.DB_PATH;
+
   services.fcgiwrap.instances.flauschehorn = {
     socket.user   = config.services.nginx.user;
     socket.group  = config.services.nginx.group;
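Review bot: `ReadOnlyPaths` only remounts the path read-only inside the fcgiwrap unit's mount namespace; it does not grant read access, and the unit fails to start when the path is missing. On a fresh host `db.sqlite` presumably does not exist until the fetcher has run once, so prefix the path with `-` to tolerate that: `ReadOnlyPaths = [ "-${config.systemd.services.flauschehornFetcher.environment.DB_PATH}" ];`. If the fetcher's state now lives under `/var/lib/private` (mode 0700, root-owned), a fcgiwrap process under a different unprivileged UID cannot traverse to the database at all. The instance's process user is outside this hunk, so confirm it can still read the file. If the intent is that the CGI side never writes, a one-line comment above the option such as `# CGI only reads the DB; the fetcher is the sole writer` would make that explicit.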