From 9c7fae83eefd7693770d7ecf5a09ea68af3b3b31 Mon Sep 17 00:00:00 2001
From: rushmorem <rushmore@webenchanter.com>
Date: Mon, 25 May 2015 11:31:57 +0200
Subject: Make it easy to override the marathon framework user

Currently the module hardcodes the systemd service user to "marathon".
With this change one would not need to create an extra systemd config to
override the user.

So why would one need to override the Marathon user? Some apps require
root access to run. You can't run those with Marathon unless you
override the default user to root. Marathon also provides a
`--mesos_user` command line flag which allows you to run apps using
arbitrary users. You need to run the framework as root to enable this
functionality.
---
 nixos/modules/services/scheduling/marathon.nix | 33 ++++++++++++++++----------
 1 file changed, 21 insertions(+), 12 deletions(-)

(limited to 'nixos/modules/services/scheduling')

diff --git a/nixos/modules/services/scheduling/marathon.nix b/nixos/modules/services/scheduling/marathon.nix
index ab93334f5fc9..b9f4a808b0ce 100644
--- a/nixos/modules/services/scheduling/marathon.nix
+++ b/nixos/modules/services/scheduling/marathon.nix
@@ -19,14 +19,6 @@ in {
       '';
     };
 
-    httpPort = mkOption {
-      type = types.int;
-      default = 8080;
-      description = ''
-	Marathon listening port for HTTP connections.
-      '';
-    };
-
     master = mkOption {
       type = types.str;
       default = "zk://${concatStringsSep "," cfg.zookeeperHosts}/mesos";
@@ -45,6 +37,25 @@ in {
       '';
     };
 
+    user = mkOption {
+      type = types.str;
+      default = "marathon";
+      example = "root";
+      description = ''
+	The user that the Marathon framework will be launched as. If the user doesn't exist it will be created.
+	If you want to run apps that require root access or you want to launch apps using arbitrary users, that
+	is using the `--mesos_user` flag then you need to change this to `root`.
+      '';
+    };
+
+    httpPort = mkOption {
+      type = types.int;
+      default = 8080;
+      description = ''
+	Marathon listening port for HTTP connections.
+      '';
+    };
+
     extraCmdLineOptions = mkOption {
       type = types.listOf types.str;
       default = [ ];
@@ -76,14 +87,12 @@ in {
 
       serviceConfig = {
         ExecStart = "${pkgs.marathon}/bin/marathon --master ${cfg.master} --zk zk://${concatStringsSep "," cfg.zookeeperHosts}/marathon --http_port ${toString cfg.httpPort} ${concatStringsSep " " cfg.extraCmdLineOptions}";
-        User = "marathon";
+        User = cfg.user;
         Restart = "always";
         RestartSec = "2";
       };
     };
 
-    users.extraUsers.marathon = {
-      description = "Marathon mesos framework user";
-    };
+    users.extraUsers.${cfg.user} = { };
   };
 }
-- 
cgit 1.4.1