From ba7925dd69b2bcd6ed6714b54cb68a0f6b70ac8b Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Thu, 11 Apr 2024 22:15:11 +0200
Subject: [PATCH] nixos/gns3-server: disable SystemD DisableUser

Usage of DynamicUser is compatible with SUID wrappers. GNS3 needs to call ubridge via its SUID Wrapper to work.
---
 nixos/modules/services/networking/gns3-server.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/services/networking/gns3-server.nix b/nixos/modules/services/networking/gns3-server.nix
index a2b7a7bf49a6412..637d6184bc6f5b3 100644
--- a/nixos/modules/services/networking/gns3-server.nix
+++ b/nixos/modules/services/networking/gns3-server.nix
@@ -129,8 +129,15 @@ in {
 } ];
+ users.groups.gns3 = { };
+ users.groups.ubridge = lib.mkIf cfg.ubridge.enable { };
+ users.users.gns3 = {
+ group = "gns3";
+ isSystemUser = true;
+ };
+ security.wrappers.ubridge = lib.mkIf cfg.ubridge.enable { capabilities = "cap_net_raw,cap_net_admin=eip"; group = "ubridge";
@@ -206,7 +213,6 @@ in {
 serviceConfig = {
 ConfigurationDirectory = "gns3";
 ConfigurationDirectoryMode = "0750";
- DynamicUser = true;
 Environment = "HOME=%S/gns3";
 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 ExecStart = "${lib.getExe cfg.package} ${commandArgs}";
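Review bot: Removing `DynamicUser = true;` in the second hunk also drops the sandboxing systemd implies for dynamic users (ProtectSystem=strict, ProtectHome=read-only, PrivateTmp, RemoveIPC, NoNewPrivileges, RestrictSUIDSGID), and nothing in the visible lines restores it. NoNewPrivileges has to stay off so the ubridge wrapper's file capabilities take effect, but the filesystem protections can be set explicitly, e.g. `ProtectSystem = "strict"; ProtectHome = "read-only"; PrivateTmp = true;`. The serviceConfig block continues past the hunk, so confirm it sets `User = "gns3";` and `Group = "gns3";`; without them the unit would now run as root rather than as the static account created in the first hunk. The wrapper is owned by group `ubridge`, so the `gns3` account likely needs that group as well, either through `SupplementaryGroups` on the unit or `extraGroups = lib.optional cfg.ubridge.enable "ubridge";` on the user, unless the wrapper is world-executable.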