about summary refs log tree commit diff
path: root/nixos/modules/services/web-servers
diff options
context:
space:
mode:
authorIzorkin <izorkin@elven.pw>2020-04-14 23:33:33 +0300
committerIzorkin <izorkin@elven.pw>2020-05-06 12:27:12 +0300
commitcfad151ac56248dd6b74c298a4f864546ac78a3e (patch)
treea117297f88bbcb6ad237cafd0d12a424caffdeb5 /nixos/modules/services/web-servers
parent3eb6012b64bc8ef243168ea8edce6c417cb8ad03 (diff)
downloadnixlib-cfad151ac56248dd6b74c298a4f864546ac78a3e.tar
nixlib-cfad151ac56248dd6b74c298a4f864546ac78a3e.tar.gz
nixlib-cfad151ac56248dd6b74c298a4f864546ac78a3e.tar.bz2
nixlib-cfad151ac56248dd6b74c298a4f864546ac78a3e.tar.lz
nixlib-cfad151ac56248dd6b74c298a4f864546ac78a3e.tar.xz
nixlib-cfad151ac56248dd6b74c298a4f864546ac78a3e.tar.zst
nixlib-cfad151ac56248dd6b74c298a4f864546ac78a3e.zip
nixos/unit: run Unit as root
In latest release recommended not set ambient capabilities.
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r--nixos/modules/services/web-servers/unit/default.nix5
1 files changed, 0 insertions, 5 deletions
diff --git a/nixos/modules/services/web-servers/unit/default.nix b/nixos/modules/services/web-servers/unit/default.nix
index 59f03c923e63..989866144e1e 100644
--- a/nixos/modules/services/web-servers/unit/default.nix
+++ b/nixos/modules/services/web-servers/unit/default.nix
@@ -108,11 +108,6 @@ in {
         ExecStop = ''
           ${pkgs.curl}/bin/curl -X DELETE --unix-socket '/run/unit/control.unit.sock' 'http://localhost/config'
         '';
-        # User and group
-        User = cfg.user;
-        Group = cfg.group;
-        # Capabilities
-        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_SETGID" "CAP_SETUID" ];
         # Runtime directory and mode
         RuntimeDirectory = "unit";
         RuntimeDirectoryMode = "0750";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-22 03:08:41 +0000