commit 69a4836df5f586468755d4897cba02fc40dac24e · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-1709.xml

···

       154
       154
        
             variables as parameters.

     

       155
       155
        
           </para>

     

       156
       156
        
         </listitem>

     

       157
       157
       +
         <listitem>

     

       158
       158
       +
           <para>

     

       159
       159
       +
             <literal>services.firefox.syncserver</literal> now runs by default as a

     

       160
       160
       +
             non-root user. To accomodate this change, the default sqlite database

     

       161
       161
       +
             location has also been changed. Migration should work automatically.

     

       162
       162
       +
             Refer to the description of the options for more details.

     

       163
       163
       +
           </para>

     

       164
       164
       +
         </listitem>

     

       157
       165
        
       </itemizedlist>

     

       158
       166
        
       

     

       159
       167
        
       <para>Other notable improvements:</para>

+49 -3

nixos/modules/services/networking/firefox/sync-server.nix

···

       4
       4
        
       

     

       5
       5
        
       let

     

       6
       6
        
         cfg = config.services.firefox.syncserver;

     

       7
       7
       +
       

     

       8
       8
       +
         defaultDbLocation = "/var/db/firefox-sync-server/firefox-sync-server.db";

     

       9
       9
       +
         defaultSqlUri = "sqlite:///${defaultDbLocation}";

     

       10
       10
       +
       

     

       7
       11
        
         syncServerIni = pkgs.writeText "syncserver.ini" ''

     

       8
       12
        
           [DEFAULT]

     

       9
       13
        
           overrides = ${cfg.privateConfig}

     
···

       25
       29
        
           backend = tokenserver.verifiers.LocalVerifier

     

       26
       30
        
           audiences = ${removeSuffix "/" cfg.publicUrl}

     

       27
       31
        
         '';

     

       32
       32
       +
       

     

       28
       33
        
       in

     

       29
       34
        
       

     

       30
       35
        
       {

     
···

       65
       70
        
               '';

     

       66
       71
        
             };

     

       67
       72
        
       

     

       73
       73
       +
             user = mkOption {

     

       74
       74
       +
               type = types.str;

     

       75
       75
       +
               default = "syncserver";

     

       76
       76
       +
               description = "User account under which syncserver runs.";

     

       77
       77
       +
             };

     

       78
       78
       +
       

     

       79
       79
       +
             group = mkOption {

     

       80
       80
       +
               type = types.str;

     

       81
       81
       +
               default = "syncserver";

     

       82
       82
       +
               description = "Group account under which syncserver runs.";

     

       83
       83
       +
             };

     

       84
       84
       +
       

     

       68
       85
        
             publicUrl = mkOption {

     

       69
       86
        
               type = types.str;

     

       70
       87
        
               default = "http://localhost:5000/";

     
···

       85
       102
        
       

     

       86
       103
        
             sqlUri = mkOption {

     

       87
       104
        
               type = types.str;

     

       88
       88
       -
               default = "sqlite:////var/db/firefox-sync-server.db";

     

       105
       105
       +
               default = defaultSqlUri;

     

       89
       106
        
               example = "postgresql://scott:tiger@localhost/test";

     

       90
       107
        
               description = ''

     

       91
       108
        
                 The location of the database. This URL is composed of

     
···

       126
       143
        
             description = "Firefox Sync Server";

     

       127
       144
        
             wantedBy = [ "multi-user.target" ];

     

       128
       145
        
             path = [ pkgs.coreutils syncServerEnv ];

     

       146
       146
       +
       

     

       147
       147
       +
             serviceConfig = {

     

       148
       148
       +
               User = cfg.user;

     

       149
       149
       +
               Group = cfg.group;

     

       150
       150
       +
               PermissionsStartOnly = true;

     

       151
       151
       +
             };

     

       152
       152
       +
       

     

       129
       153
        
             preStart = ''

     

       130
       154
        
               if ! test -e ${cfg.privateConfig}; then

     

       131
       131
       -
                 umask u=rwx,g=x,o=x

     

       132
       132
       -
                 mkdir -p $(dirname ${cfg.privateConfig})

     

       155
       155
       +
                 mkdir -m 700 -p $(dirname ${cfg.privateConfig})

     

       133
       156
        
                 echo  > ${cfg.privateConfig} '[syncserver]'

     

       134
       157
        
                 echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"

     

       135
       158
        
               fi

     

       159
       159
       +
               chown ${cfg.user}:${cfg.group} ${cfg.privateConfig}

     

       160
       160
       +
             '' + optionalString (cfg.sqlUri == defaultSqlUri) ''

     

       161
       161
       +
               if ! test -e $(dirname ${defaultDbLocation}); then

     

       162
       162
       +
                 mkdir -m 700 -p $(dirname ${defaultDbLocation})

     

       163
       163
       +
                 chown ${cfg.user}:${cfg.group} $(dirname ${defaultDbLocation})

     

       164
       164
       +
               fi

     

       165
       165
       +
               # Move previous database file if it exists

     

       166
       166
       +
               oldDb="/var/db/firefox-sync-server.db"

     

       167
       167
       +
               if test -f $oldDb; then

     

       168
       168
       +
                 mv $oldDb ${defaultDbLocation}

     

       169
       169
       +
                 chown ${cfg.user}:${cfg.group} ${defaultDbLocation}

     

       170
       170
       +
               fi

     

       136
       171
        
             '';

     

       137
       172
        
             serviceConfig.ExecStart = "${syncServerEnv}/bin/paster serve ${syncServerIni}";

     

       138
       173
        
           };

     

       139
       174
        
       

     

       175
       175
       +
           users.extraUsers = optionalAttrs (cfg.user == "syncserver")

     

       176
       176
       +
             (singleton {

     

       177
       177
       +
               name = "syncserver";

     

       178
       178
       +
               group = cfg.group;

     

       179
       179
       +
               isSystemUser = true;

     

       180
       180
       +
             });

     

       181
       181
       +
       

     

       182
       182
       +
           users.extraGroups = optionalAttrs (cfg.group == "syncserver")

     

       183
       183
       +
             (singleton {

     

       184
       184
       +
               name = "syncserver";

     

       185
       185
       +
             });

     

       140
       186
        
         };

     

       141
       187
        
       }