Whether to run reaction as root. Defaults to false, in which case an unprivileged `reaction` user is created.
Be sure to give that user sufficient permissions. Example config permitting iptables and journalctl use:
{
  # Membership in systemd-journal lets the unprivileged reaction user read
  # the journal (for example through journalctl). That includes entries
  # written by other services, not only the ones reaction watches.
  users.users.reaction.extraGroups = [ "systemd-journal" ];

  systemd.services.reaction = {
    # Condition only: systemd skips the unit when CAP_NET_ADMIN is missing
    # from the service manager's bounding set. This line grants nothing.
    unitConfig.ConditionCapability = "CAP_NET_ADMIN";

    # The bounding set caps the service at CAP_NET_ADMIN; the ambient set is
    # what hands that capability to the non-root process so it can modify
    # IP firewall rules. CAP_NET_ADMIN also covers interface and routing
    # changes, so treat the reaction configuration as privileged.
    serviceConfig.CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
    serviceConfig.AmbientCapabilities = [ "CAP_NET_ADMIN" ];
  };

  # Optional, if more control over ssh logs is needed. mkDefault keeps this a
  # low-priority default, so an explicit LogLevel set elsewhere still wins.
  services.openssh.settings.LogLevel = lib.mkDefault "VERBOSE";
}