uwsgi-service: Add user/group for uwsgi service. Also add a uwsgi directory under /run (defaulting to /run/uwsgi) where the uwsgi user can place sockets.

+37 -7
+2
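--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -222,6 +222,7 @@
 ripple-rest = 198;
 nix-serve = 199;
 tvheadend = 200;
+uwsgi = 201;
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -422,6 +423,7 @@
 #ripple-rest = 198; #unused
 #nix-serve = 199; #unused
 #tvheadend = 200; #unused
+uwsgi = 201;
 
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal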
+35 -7
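--- a/nixos/modules/services/web-servers/uwsgi.nix
+++ b/nixos/modules/services/web-servers/uwsgi.nix
@@ -47,13 +47,19 @@
 
 options = {
 services.uwsgi = {
-
+
 enable = mkOption {
 type = types.bool;
 default = false;
 description = "Enable uWSGI";
 };
 
+runDir = mkOption {
+type = types.string;
+default = "/run/uwsgi";
+description = "Where uWSGI communication sockets can live";
+};
+
 instance = mkOption {
 type = types.attrs;
 default = {
@@ -66,7 +72,7 @@
 moin = {
 type = "normal";
 python2Packages = self: with self; [ moinmoin ];
-socket = "/run/uwsgi.sock";
+socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
 };
 };
 }
@@ -89,24 +95,46 @@
 description = "Plugins used with uWSGI";
 };
 
-};
+user = mkOption {
+type = types.str;
+default = "uwsgi";
+description = "User account under which uwsgi runs.";
+};
 
+group = mkOption {
+type = types.str;
+default = "uwsgi";
+description = "Group account under which uwsgi runs.";
+};
+};
 };
 
 config = mkIf cfg.enable {
-
 systemd.services.uwsgi = {
 wantedBy = [ "multi-user.target" ];
-
+preStart = ''
+mkdir -p ${cfg.runDir}
+chown ${cfg.user}:${cfg.group} ${cfg.runDir}
+'';
 serviceConfig = {
 Type = "notify";
-ExecStart = "${uwsgi}/bin/uwsgi --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
+ExecStart = "${uwsgi}/bin/uwsgi --uid ${cfg.user} --gid ${cfg.group} --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
 ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
 NotifyAccess = "main";
 KillSignal = "SIGQUIT";
 };
+};
 
-};
+users.extraUsers = optionalAttrs (cfg.user == "uwsgi") (singleton
+{ name = "uwsgi";
+group = cfg.group;
+uid = config.ids.uids.uwsgi;
+});
+
+users.extraGroups = optionalAttrs (cfg.group == "uwsgi") (singleton
+{ name = "uwsgi";
+gid = config.ids.gids.uwsgi;
+});
 };
 }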
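Review bot: The new `preStart` creates `${cfg.runDir}` without setting a mode and interpolates the option values into the shell script unquoted, so the directory's permissions are left to the unit's umask and a `runDir` containing spaces or shell metacharacters is word-split in a script that, as far as this section shows, runs before uwsgi drops privileges via `--uid`/`--gid`. I would quote the path and pin the mode, e.g. `mkdir -p "${cfg.runDir}"`, `chmod 0750 "${cfg.runDir}"`, `chown ${cfg.user}:${cfg.group} "${cfg.runDir}"`, with the mode chosen to suit whichever front-end has to reach the socket. Declaring `runDir` as `types.path` instead of `types.string` would also reject a relative value at evaluation time, so the directory cannot be created and chowned relative to the service's working directory.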