pyrox.dev / nixpkgs
lol
fork atom

nixos/ihatemoney: run uwsgi emperor as normal user

rnhmjoj 5597f6de c00240e4

options
unified split
Changed files
+3 -6
nixos
modules
services
web-apps
ihatemoney
default.nix
+3 -6
nixos/modules/services/web-apps/ihatemoney/default.nix 
···

       
44

       
44

       
 

       
in


     

       
45

       
45

       
 

       
  {


     

       
46

       
46

       
 

       
    options.services.ihatemoney = {


     

       
47

       

       
-

       
      enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode running as root";


     

       

       
47

       
+

       
      enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode";


     

       
48

       
48

       
 

       
      backend = mkOption {


     

       
49

       
49

       
 

       
        type = types.enum [ "sqlite" "postgresql" ];


     

       
50

       
50

       
 

       
        default = "sqlite";


     
···

       
116

       
116

       
 

       
      services.uwsgi = {


     

       
117

       
117

       
 

       
        enable = true;


     

       
118

       
118

       
 

       
        plugins = [ "python3" ];


     

       
119

       

       
-

       
        # the vassal needs to be able to setuid


     

       
120

       

       
-

       
        user = "root";


     

       
121

       

       
-

       
        group = "root";


     

       
122

       
119

       
 

       
        instance = {


     

       
123

       
120

       
 

       
          type = "emperor";


     

       
124

       
121

       
 

       
          vassals.ihatemoney = {


     

       
125

       
122

       
 

       
            type = "normal";


     

       
126

       
123

       
 

       
            strict = true;


     

       
127

       

       
-

       
            uid = user;


     

       
128

       

       
-

       
            gid = group;


     

       

       
124

       
+

       
            immediate-uid = user;


     

       

       
125

       
+

       
            immediate-gid = group;


     

       
129

       
126

       
 

       
            # apparently flask uses threads: https://github.com/spiral-project/ihatemoney/commit/c7815e48781b6d3a457eaff1808d179402558f8c


     

       
130

       
127

       
 

       
            enable-threads = true;


     

       
131

       
128

       
 

       
            module = "wsgi:application";