pyrox.dev / nixpkgs
lol
fork atom

uwsgi-service: Add user/group for uwsgi service. Also add a uwsgi directory under /run (defaulting to /run/uwsgi) where the uwsgi user can place sockets.

Russell O'Connor 46f06ccd 97ae3669

options
unified split
Changed files
+37 -7
nixos
modules
misc
ids.nix
services
web-servers
uwsgi.nix
+2
nixos/modules/misc/ids.nix 
···

       
222

       
222

       
 

       
      ripple-rest = 198;


     

       
223

       
223

       
 

       
      nix-serve = 199;


     

       
224

       
224

       
 

       
      tvheadend = 200;


     

       

       
225

       
+

       
      uwsgi = 201;


     

       
225

       
226

       
 

       



     

       
226

       
227

       
 

       
      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!


     

       
227

       
228

       
 

       



     
···

       
422

       
423

       
 

       
      #ripple-rest = 198; #unused


     

       
423

       
424

       
 

       
      #nix-serve = 199; #unused


     

       
424

       
425

       
 

       
      #tvheadend = 200; #unused


     

       

       
426

       
+

       
      uwsgi = 201;


     

       
425

       
427

       
 

       



     

       
426

       
428

       
 

       
      # When adding a gid, make sure it doesn't match an existing


     

       
427

       
429

       
 

       
      # uid. Users and groups with the same name should have equal
+35 -7
nixos/modules/services/web-servers/uwsgi.nix 
···

       
47

       
47

       
 

       



     

       
48

       
48

       
 

       
  options = {


     

       
49

       
49

       
 

       
    services.uwsgi = {


     

       
50

       

       
-

       
      


     

       

       
50

       
+

       



     

       
51

       
51

       
 

       
      enable = mkOption {


     

       
52

       
52

       
 

       
        type = types.bool;


     

       
53

       
53

       
 

       
        default = false;


     

       
54

       
54

       
 

       
        description = "Enable uWSGI";


     

       
55

       
55

       
 

       
      };


     

       
56

       
56

       
 

       



     

       

       
57

       
+

       
      runDir = mkOption {


     

       

       
58

       
+

       
        type = types.string;


     

       

       
59

       
+

       
        default = "/run/uwsgi";


     

       

       
60

       
+

       
        description = "Where uWSGI communication sockets can live";


     

       

       
61

       
+

       
      };


     

       

       
62

       
+

       



     

       
57

       
63

       
 

       
      instance = mkOption {


     

       
58

       
64

       
 

       
        type = types.attrs;


     

       
59

       
65

       
 

       
        default = {


     
···

       
66

       
72

       
 

       
              moin = {


     

       
67

       
73

       
 

       
                type = "normal";


     

       
68

       
74

       
 

       
                python2Packages = self: with self; [ moinmoin ];


     

       
69

       

       
-

       
                socket = "/run/uwsgi.sock";


     

       

       
75

       
+

       
                socket = "${config.services.uwsgi.runDir}/uwsgi.sock";


     

       
70

       
76

       
 

       
              };


     

       
71

       
77

       
 

       
            };


     

       
72

       
78

       
 

       
          }


     
···

       
89

       
95

       
 

       
        description = "Plugins used with uWSGI";


     

       
90

       
96

       
 

       
      };


     

       
91

       
97

       
 

       



     

       
92

       

       
-

       
    };


     

       

       
98

       
+

       
      user = mkOption {


     

       

       
99

       
+

       
        type = types.str;


     

       

       
100

       
+

       
        default = "uwsgi";


     

       

       
101

       
+

       
        description = "User account under which uwsgi runs.";


     

       

       
102

       
+

       
      };


     

       
93

       
103

       
 

       



     

       

       
104

       
+

       
      group = mkOption {


     

       

       
105

       
+

       
        type = types.str;


     

       

       
106

       
+

       
        default = "uwsgi";


     

       

       
107

       
+

       
        description = "Group account under which uwsgi runs.";


     

       

       
108

       
+

       
      };


     

       

       
109

       
+

       
    };


     

       
94

       
110

       
 

       
  };


     

       
95

       
111

       
 

       



     

       
96

       
112

       
 

       
  config = mkIf cfg.enable {


     

       
97

       

       
-

       



     

       
98

       
113

       
 

       
    systemd.services.uwsgi = {


     

       
99

       
114

       
 

       
      wantedBy = [ "multi-user.target" ];


     

       
100

       

       
-

       
      


     

       

       
115

       
+

       
      preStart = ''


     

       

       
116

       
+

       
        mkdir -p ${cfg.runDir}


     

       

       
117

       
+

       
        chown ${cfg.user}:${cfg.group} ${cfg.runDir}


     

       

       
118

       
+

       
      '';


     

       
101

       
119

       
 

       
      serviceConfig = {


     

       
102

       
120

       
 

       
        Type = "notify";


     

       
103

       

       
-

       
        ExecStart = "${uwsgi}/bin/uwsgi --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";


     

       

       
121

       
+

       
        ExecStart = "${uwsgi}/bin/uwsgi --uid ${cfg.user} --gid ${cfg.group} --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";


     

       
104

       
122

       
 

       
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";


     

       
105

       
123

       
 

       
        ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";


     

       
106

       
124

       
 

       
        NotifyAccess = "main";


     

       
107

       
125

       
 

       
        KillSignal = "SIGQUIT";


     

       
108

       
126

       
 

       
      };


     

       

       
127

       
+

       
    };


     

       
109

       
128

       
 

       



     

       
110

       

       
-

       
    };


     

       

       
129

       
+

       
    users.extraUsers = optionalAttrs (cfg.user == "uwsgi") (singleton


     

       

       
130

       
+

       
      { name = "uwsgi";


     

       

       
131

       
+

       
        group = cfg.group;


     

       

       
132

       
+

       
        uid = config.ids.uids.uwsgi;


     

       

       
133

       
+

       
      });


     

       

       
134

       
+

       



     

       

       
135

       
+

       
    users.extraGroups = optionalAttrs (cfg.group == "uwsgi") (singleton


     

       

       
136

       
+

       
      { name = "uwsgi";


     

       

       
137

       
+

       
        gid = config.ids.gids.uwsgi;


     

       

       
138

       
+

       
      });


     

       
111

       
139

       
 

       
  };


     

       
112

       
140

       
 

       
}