Get linux username of NixOS nextcloud service

dmo84 · August 29, 2023, 8:39pm

I want to run a custom systemd service as the nextcloud user.
Currently I’ve hardcoded the username. But I would prefer to read the nextcloud username from the nixos/modules/services/web-apps/nextcloud.nix module.

The nextcloud module defines the nextcloud user hardcoded as follows

     users.users.nextcloud = {
        home = "${cfg.home}";
        group = "nextcloud";
        isSystemUser = true;
     };

My guess is that because of this hardcoded username in the nextcloud module, I cannot read the defined username (users.users.nextcloud) without modifying the nextcloud module itself.

Am I right? Or does nix/NixOS offer some solution I haven’t found yet?

This is my systemd custom service example

systemd = {
    paths.nextcloud-brother-filewatch = {
      wantedBy = [ "multi-user.target" ]; 
      pathConfig.PathChanged = [ "${nextcloud-folder}" ];

    };

    services.nextcloud-brother-filewatch = {
      wantedBy = [ "multi-user.target" ]; 
      after = [ "network.target" ];
      description = "Watch groups home dir for changes and trigger nextcloud rescan.";
      serviceConfig = {
        Type = "oneshot";
        User = "nextcloud";  # todo replace by nextcloud config variable 
        ExecStart = "/run/current-system/sw/bin/nextcloud-occ groupfolders:scan ${nextcloud-groupfolder-id}";         
      };  # 
    };
  };

peterhoeg · August 30, 2023, 7:33am

Try this

{
  systemd = {
    services.nextcloud-brother-filewatch = {
      serviceConfig = {
        User = config.users.users.nextcloud.name;
        ExecStart = "${lib.getExe config.services.nextcloud.occ} groupfolders:scan ${nextcloud-groupfolder-id}";
      };
    };
  };
}

dmo84 · August 30, 2023, 10:00pm

I like this approach by using lib.getExe.
Thank your very much for this insightful snippet

Yeah … this came into my mind, too.
But I see no advantage to User = "nextcloud".
In both cases the user name is hardcoded.

Maybe there is no solution for this, as the module doesn’t provide an configuration option for the username?!

peterhoeg · September 5, 2023, 2:47pm

The difference is that if for whatever reason the nextcloud user changes (to nextcloud-ng as an example), then your build will fail. If you’re just using a string, then it may end up drifting.