diff options
| author | Timo Wilken | 2023-02-19 17:21:04 +0100 |
|---|---|---|
| committer | Timo Wilken | 2023-02-19 17:36:10 +0100 |
| commit | 8e7b618a6177e423c1082ac7dc4f3d5047f45f58 (patch) | |
| tree | 2bc1217e0397ef71f0d4c02269290128c5562de2 | |
| parent | c9d1523eb1eef983f46e0297f6a06a03991d3a43 (diff) | |
Use mcron's #:user instead of manual setuid
| -rw-r--r-- | tw/services/media.scm | 9 | ||||
| -rw-r--r-- | tw/system/lud.scm | 3 |
2 files changed, 4 insertions, 8 deletions
diff --git a/tw/services/media.scm b/tw/services/media.scm index 9533455e..34d25cf2 100644 --- a/tw/services/media.scm +++ b/tw/services/media.scm @@ -39,8 +39,7 @@ The service expects a @code{.yt-dlp} config directory inside this one.") (schedule (string-or-gexp (random-time-every-second-night 'even?)) "The mcron schedule on which to run the download script. By default, picks a random time between 01:00 and 06:00 every second night.") - (user (string "root") "The Unix user name to run the script as.") - (group (string "root") "The Unix group name to run the script as.")) + (user (string "root") "The Unix user name to run the script as.")) (define (yt-dlp-cronjob config) (list @@ -55,14 +54,12 @@ between 01:00 and 06:00 every second night.") "yt-dlp-command" #~(begin (chdir #$(yt-dlp-configuration-media-directory config)) - ;; `setgid' first while we're still root - (setgid (group:gid (getgr #$(yt-dlp-configuration-group config)))) - (setuid (passwd:uid (getpw #$(yt-dlp-configuration-user config)))) ;; Auto-update if we're using yt-dlp from the media directory. #$@(if yt-dlp-package '() (list #~(system* #$yt-dlp-executable "--ignore-config" "--update"))) (execl #$yt-dlp-executable - "yt-dlp" "--ignore-config" "--config-location" ".yt-dlp"))))))) + "yt-dlp" "--ignore-config" "--config-location" ".yt-dlp"))) + #:user #$(yt-dlp-configuration-user config))))) (define yt-dlp-service-type (service-type diff --git a/tw/system/lud.scm b/tw/system/lud.scm index b5795eef..c2f124b2 100644 --- a/tw/system/lud.scm +++ b/tw/system/lud.scm @@ -117,8 +117,7 @@ SSLSessionCacheTimeout 1200 (yt-dlp-configuration (yt-dlp #f) ; use yt-dlp from media-directory (media-directory "/var/data/syncthing/Videos") - (user "syncthing") - (group "syncthing"))) + (user "syncthing"))) ;; certbot for Synapse + Apache/Nextcloud ;; This also installs a nginx server on port 80, redirecting to port 443. |