uwsgi-service: Add user/group for uwsgi service. Also add a uwsgi directory under /run (defaulting to /run/uwsgi) where the uwsgi user can place sockets.

+37 -7
+2
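--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -222,6 +222,7 @@
 ripple-rest = 198;
 nix-serve = 199;
 tvheadend = 200;
+uwsgi = 201;
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -422,6 +423,7 @@
 #ripple-rest = 198; #unused
 #nix-serve = 199; #unused
 #tvheadend = 200; #unused
+uwsgi = 201;
 
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal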
+35 -7
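--- a/nixos/modules/services/web-servers/uwsgi.nix
+++ b/nixos/modules/services/web-servers/uwsgi.nix
@@ -47,13 +47,19 @@
 
 options = {
 services.uwsgi = {
-
+
 enable = mkOption {
 type = types.bool;
 default = false;
 description = "Enable uWSGI";
 };
 
+runDir = mkOption {
+type = types.string;
+default = "/run/uwsgi";
+description = "Where uWSGI communication sockets can live";
+};
+
 instance = mkOption {
 type = types.attrs;
 default = {
@@ -66,7 +72,7 @@
 moin = {
 type = "normal";
 python2Packages = self: with self; [ moinmoin ];
-socket = "/run/uwsgi.sock";
+socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
 };
 };
 }
@@ -89,24 +95,46 @@
 description = "Plugins used with uWSGI";
 };
 
-};
+user = mkOption {
+type = types.str;
+default = "uwsgi";
+description = "User account under which uwsgi runs.";
+};
 
+group = mkOption {
+type = types.str;
+default = "uwsgi";
+description = "Group account under which uwsgi runs.";
+};
+};
 };
 
 config = mkIf cfg.enable {
-
 systemd.services.uwsgi = {
 wantedBy = [ "multi-user.target" ];
-
+preStart = ''
+mkdir -p ${cfg.runDir}
+chown ${cfg.user}:${cfg.group} ${cfg.runDir}
+'';
 serviceConfig = {
 Type = "notify";
-ExecStart = "${uwsgi}/bin/uwsgi --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
+ExecStart = "${uwsgi}/bin/uwsgi --uid ${cfg.user} --gid ${cfg.group} --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
 NotifyAccess = "main";
 KillSignal = "SIGQUIT";
 };
+};
 
-};
+users.extraUsers = optionalAttrs (cfg.user == "uwsgi") (singleton
+{ name = "uwsgi";
+group = cfg.group;
+uid = config.ids.uids.uwsgi;
+});
+
+users.extraGroups = optionalAttrs (cfg.group == "uwsgi") (singleton
+{ name = "uwsgi";
+gid = config.ids.gids.uwsgi;
+});
 };
 }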
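Review bot: The `preStart` added to `systemd.services.uwsgi` in the last hunk creates the socket directory with `mkdir -p` and no explicit mode, so its permissions are left to the process umask. The unquoted `chown` is then applied to whatever `runDir` points at, including a directory that already exists and is shared with other services. Setting owner and mode in one quoted step would make the result predictable: `install -d -m 0755 -o ${cfg.user} -g ${cfg.group} "${cfg.runDir}"`, or a tighter mode if the front-end web server is meant to reach the socket through group membership. The `runDir` description should also state that the directory is handed to the uwsgi user on every start and must therefore be dedicated to uWSGI, for example `description = "Directory for uWSGI sockets; created if missing and chowned to the uwsgi user at service start.";`. Separately, `runDir` is declared with `types.string` while `user` and `group` use `types.str`; `types.path` would describe it better.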