From 46878fb8107bdb1124a48768e42beca8ba93a59f Mon Sep 17 00:00:00 2001
From: Lamp
Date: Fri, 11 Apr 2025 14:47:33 -0700
Subject: [PATCH] [deb] Don't run as root
---
 contrib/deb/generate.sh | 4 +---
 contrib/systemd/yggdrasil.service.debian | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/contrib/deb/generate.sh b/contrib/deb/generate.sh
index 5731827c..e72ad72a 100644
--- a/contrib/deb/generate.sh
+++ b/contrib/deb/generate.sh
@@ -79,9 +79,7 @@ cat > /tmp/$PKGNAME/debian/postinst << EOF
 systemctl daemon-reload
-if ! getent group yggdrasil 2>&1 > /dev/null; then
- groupadd --system --force yggdrasil
-fi
+adduser --system --home /nonexistant --no-create-home --group --quiet yggdrasil
 if [ ! -d /etc/yggdrasil ]; then
diff --git a/contrib/systemd/yggdrasil.service.debian b/contrib/systemd/yggdrasil.service.debian
index 0f3c7a8d..ab62f77b 100644
--- a/contrib/systemd/yggdrasil.service.debian
+++ b/contrib/systemd/yggdrasil.service.debian
@@ -6,7 +6,7 @@ After=network-online.target
 After=yggdrasil-default-config.service
 [Service]
-Group=yggdrasil
+User=yggdrasil
 ProtectHome=true
 ProtectSystem=strict
 NoNewPrivileges=true
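Review bot: In contrib/deb/generate.sh the added `adduser` line spells the home directory `/nonexistant`, while the path Debian conventionally reserves as a never-present home for system accounts is `/nonexistent`. The line should read `adduser --system --home /nonexistent --no-create-home --group --quiet yggdrasil`. The postinst now calls `adduser` instead of `groupadd`, so the control stanza generated elsewhere in this script should list `adduser` in `Depends:` if it does not already; on a minimal install without it the postinst would fail. The heredoc that holds this line begins and ends outside the hunk, so how a failure here is handled (for example a `set -e` at the top of the postinst) is not visible.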
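Review bot: In contrib/systemd/yggdrasil.service.debian, replacing `Group=yggdrasil` with `User=yggdrasil` means the daemon keeps only the capabilities the unit grants explicitly. Creating the TUN interface then presumably depends on an `AmbientCapabilities=CAP_NET_ADMIN` line (with a matching `CapabilityBoundingSet=`) in the rest of [Service], which lies outside this hunk and should be confirmed. Dropping `Group=` also makes the effective group depend on how the account was created; keeping `Group=yggdrasil` next to `User=yggdrasil` pins it regardless of the account's primary group. On upgrade, the configuration under /etc/yggdrasil written for the root-run service has to remain readable by the new account, and a comment such as `# runs unprivileged; config must be readable by group yggdrasil` above `User=` would record that assumption.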