nixos/mysql: run as mysql user and group

As we don't need to setup data directories from ExecStartPre= scripts anymore, which required root, but use systemd.tmpfiles.rules instead, everything can be run as just the mysql user.
2019-05-17 00:13:29 +02:00
parent 25494cc193
commit edd10c12f7
2 changed files with 13 additions and 0 deletions
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@@ -326,6 +326,8 @@ in
        '';

        serviceConfig = {
+          User = cfg.user;
+          Group = "mysql";
          Type = if hasNotify then "notify" else "simple";
          # /run/mysqld needs to be created in addition to pidDir, as they could point to different locations
          RuntimeDirectory = "mysqld";