unbound service: use auto-generated uid

1. The preStart script ensures consistent ownership, even if the unbound user's uid has changed 2. The unbound daemon does not generate data that needs to be private to it, so it would not matter that a different service would end up owning its data (as long as unbound remains enabled, it should reclaim ownership soon enough anyway). Thus, there's no clear benefit to allocate a dedicated uid for the unbound service. This releases uid/gid 48. Also, because the preStart script creates the data directory, there's no need to specify a homedir or ask for its creation.
2024-11-16 23:03:40 +01:00 · 2016-09-01 18:48:13 +02:00 · 2016-09-01 18:48:13 +02:00 · 39f5182a30
commit 39f5182a30
parent 0759e77dfd
1 changed files with 2 additions and 5 deletions
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@ -96,12 +96,9 @@ in

    environment.systemPackages = [ pkgs.unbound ];

-    users.extraUsers = singleton {
-      name = "unbound";
-      uid = config.ids.uids.unbound;
+    users.users.unbound = {
      description = "unbound daemon user";
-      home = stateDir;
-      createHome = true;
+      isSystemUser = true;
    };

    systemd.services.unbound = {