authorRussell O'Connor <oconnorr@google.com>2015-06-24 14:42:43 +0000
committerRussell O'Connor <oconnorr@google.com>2015-06-24 14:48:53 +0000
commit46f06ccde7deb76bc1b8a04671ecdf486480c74e (patch)
tree15b54a70b36ccd2dd7fcf9218f27ee6de504cc81 /nixos
parent97ae36691ef34f01e5f3fb2b7370be186af17b3f (diff)
uwsgi-service: Add user/group for uwsgi service.
Also add a uwsgi directory under /run (defaulting to /run/uwsgi) where the uwsgi user can place sockets.
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/misc/ids.nix2
-rw-r--r--nixos/modules/services/web-servers/uwsgi.nix42
2 files changed, 37 insertions, 7 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 0b0be87347dc..e6357d138cae 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -222,6 +222,7 @@
       ripple-rest = 198;
       nix-serve = 199;
       tvheadend = 200;
+      uwsgi = 201;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -422,6 +423,7 @@
       #ripple-rest = 198; #unused
       #nix-serve = 199; #unused
       #tvheadend = 200; #unused
+      uwsgi = 201;
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/services/web-servers/uwsgi.nix b/nixos/modules/services/web-servers/uwsgi.nix
index 6e454a2dacd7..3e18a6f0e986 100644
--- a/nixos/modules/services/web-servers/uwsgi.nix
+++ b/nixos/modules/services/web-servers/uwsgi.nix
@@ -47,13 +47,19 @@ in {
 
   options = {
     services.uwsgi = {
-      
+
       enable = mkOption {
         type = types.bool;
         default = false;
         description = "Enable uWSGI";
       };
 
+      runDir = mkOption {
+        type = types.string;
+        default = "/run/uwsgi";
+        description = "Where uWSGI communication sockets can live";
+      };
+
       instance = mkOption {
         type = types.attrs;
         default = {
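Review bot: `runDir` is declared as `types.string`, while the `user` and `group` options added further down in this commit use `types.str`; the two types merge multiple definitions differently, so the mismatch looks unintended. Because this value is later passed to `mkdir -p` and `chown` in the root-run `preStart`, `type = types.path;` would also reject values that are not absolute paths. The `services.uwsgi` option set continues past this hunk.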
@@ -66,7 +72,7 @@ in {
               moin = {
                 type = "normal";
                 python2Packages = self: with self; [ moinmoin ];
-                socket = "/run/uwsgi.sock";
+                socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
               };
             };
           }
@@ -89,24 +95,46 @@ in {
         description = "Plugins used with uWSGI";
       };
 
-    };
+      user = mkOption {
+        type = types.str;
+        default = "uwsgi";
+        description = "User account under which uwsgi runs.";
+      };
 
+      group = mkOption {
+        type = types.str;
+        default = "uwsgi";
+        description = "Group account under which uwsgi runs.";
+      };
+    };
   };
 
   config = mkIf cfg.enable {
-
     systemd.services.uwsgi = {
       wantedBy = [ "multi-user.target" ];
-      
+      preStart = ''
+        mkdir -p ${cfg.runDir}
+        chown ${cfg.user}:${cfg.group} ${cfg.runDir}
+      '';
       serviceConfig = {
         Type = "notify";
-        ExecStart = "${uwsgi}/bin/uwsgi --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
+        ExecStart = "${uwsgi}/bin/uwsgi --uid ${cfg.user} --gid ${cfg.group} --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
         ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
         ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
         NotifyAccess = "main";
         KillSignal = "SIGQUIT";
       };
-
     };
+
+    users.extraUsers = optionalAttrs (cfg.user == "uwsgi") (singleton
+      { name = "uwsgi";
+        group = cfg.group;
+        uid = config.ids.uids.uwsgi;
+      });
+
+    users.extraGroups = optionalAttrs (cfg.group == "uwsgi") (singleton
+      { name = "uwsgi";
+        gid = config.ids.gids.uwsgi;
+      });
   };
 }
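Review bot: The new `preStart` runs as root and interpolates `cfg.runDir`, `cfg.user` and `cfg.group` into the shell script unquoted, and it leaves the directory at whatever mode `mkdir -p` produces under the unit's umask. Quoting the operands, e.g. `mkdir -p "${cfg.runDir}"` and `chown "${cfg.user}:${cfg.group}" "${cfg.runDir}"`, keeps a value containing spaces or shell metacharacters from being split or expanded, and an explicit `chmod` would record which local accounts are meant to reach the sockets. Separately, `ExecStart` still starts uWSGI as root and relies on `--uid`/`--gid` for the privilege drop; if the configured instances do not need root at startup, setting `User` and `Group` in `serviceConfig` together with `PermissionsStartOnly = true` would let systemd perform the drop while `preStart` keeps root. `buildCfg` and the instance types are defined outside this hunk, so whether any instance mode needs root at startup cannot be confirmed from here.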