From 3c488fe293724117a34c55a3115f77aa52e8596c Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Tue, 11 Jan 2022 10:29:01 -0700
Subject: [PATCH] Don't use a group of `nobody` for users.

This is disallowed in nixos 21.11 as it is a potential security issue.
---
 nixos/modules/tahoe.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/nixos/modules/tahoe.nix b/nixos/modules/tahoe.nix
index e0b6eb4d..44c381e6 100644
--- a/nixos/modules/tahoe.nix
+++ b/nixos/modules/tahoe.nix
@@ -156,6 +156,10 @@ in
           nameValuePair "tahoe.introducer-${node}" {
             description = "Tahoe node user for introducer ${node}";
             isSystemUser = true;
+            group = "tahoe.introducer-${node}";
+          });
+        users.groups = flip mapAttrs' cfg.introducers (node: _:
+            nameValuePair "tahoe.introducer-${node}" {
           });
       })
       (mkIf (cfg.nodes != {}) {
@@ -287,6 +291,10 @@ in
           nameValuePair "tahoe.${node}" {
             description = "Tahoe node user for node ${node}";
             isSystemUser = true;
+            group = "tahoe.${node}";
+          });
+        users.groups = flip mapAttrs' cfg.introducers (node: _:
+            nameValuePair "tahoe.${node}" {
           });
       })
     ];
-- 
GitLab