Commit 26770a0a7b8e

Vincent Demeester <vincent@sbr.pm>
2026-02-16 16:36:22
Fix NixOS module: don't override existing user's home directory
When running as an existing user (e.g. vincent), the module was setting users.users.vincent.home = /var/lib/daneel, conflicting with the real home directory. Fix: Only create user/group when using the default 'daneel' user. Use hardcoded attr name instead of interpolated ${cfg.user} to avoid touching existing users at all.
Changed files (1)
nix/module.nix
@@ -101,14 +101,20 @@ in
       }
     ];
 
-    users.users.${cfg.user} = {
-      isSystemUser = true;
-      group = cfg.group;
-      home = cfg.dataDir;
-      createHome = true;
+    # Only create user/group when using dedicated daneel user
+    # (skip when running as an existing user like "vincent")
+    users.users = lib.mkIf (cfg.user == "daneel") {
+      daneel = {
+        isSystemUser = true;
+        group = cfg.group;
+        home = cfg.dataDir;
+        createHome = true;
+      };
     };
 
-    users.groups.${cfg.group} = { };
+    users.groups = lib.mkIf (cfg.group == "daneel") {
+      daneel = { };
+    };
 
     systemd.services.daneel = {
       description = "Daneel XMPP Research Bot";
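Review bot: The guard `cfg.user == "daneel"` on `users.users` treats every non-default name as an account that already exists, so a custom `cfg.user` that is not declared elsewhere is never created, and the unit would presumably fail at start rather than at evaluation. The guards are also independent: with the default user and a custom `cfg.group`, `daneel` is still created with `group = cfg.group` while `users.groups` declares nothing. A dedicated boolean option (for example `createUser`, defaulting to true) or an `assertions` entry using `builtins.hasAttr cfg.user config.users.users` would make the intent explicit and surface a misconfiguration at build time. The literal `"daneel"` also duplicates the option default, which is declared outside this hunk.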
@@ -127,7 +133,7 @@ in
         NoNewPrivileges = true;
         PrivateTmp = true;
         ProtectSystem = "strict";
-        ProtectHome = true;
+        ProtectHome = cfg.user == "daneel";
         ReadWritePaths = [ cfg.dataDir (builtins.dirOf cfg.inboxPath) ];
         ProtectKernelTunables = true;
         ProtectKernelModules = true;
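Review bot: `ProtectHome = cfg.user == "daneel";` switches home-directory protection off entirely whenever the service runs as an existing account, so the bot process can read everything under /home, /root and /run/user that this account can read (`ProtectSystem = "strict"` still keeps those paths read-only outside `ReadWritePaths`). The commit description does not mention this sandbox relaxation. If the reason is that `cfg.dataDir` or `cfg.inboxPath` may live under the user's home, which this hunk does not show, a narrower setting would be `ProtectHome = if cfg.user == "daneel" then true else "tmpfs";` together with `BindPaths = [ cfg.dataDir (builtins.dirOf cfg.inboxPath) ];`, which exposes only those directories. The `serviceConfig` block starts and ends outside this hunk, so any other path the service reads from the home directory would need to be added as well.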