uwsgi-service: Add user/group for uwsgi service.

Also add a uwsgi directory under /run (defaulting to /run/uwsgi) where the uwsgi user can place sockets.
Russell O'Connor 2015-06-24 14:42:43 +00:00
parent 97ae36691e
commit 46f06ccde7
2 changed files with 37 additions and 7 deletions


@ -222,6 +222,7 @@
ripple-rest = 198;
nix-serve = 199;
tvheadend = 200;
uwsgi = 201;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -422,6 +423,7 @@
#ripple-rest = 198; #unused
#nix-serve = 199; #unused
#tvheadend = 200; #unused
uwsgi = 201;
# When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal


@ -47,13 +47,19 @@ in {
options = {
services.uwsgi = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable uWSGI";
};
runDir = mkOption {
type = types.string;
default = "/run/uwsgi";
description = "Where uWSGI communication sockets can live";
};
instance = mkOption {
type = types.attrs;
default = {
@ -66,7 +72,7 @@ in {
moin = {
type = "normal";
python2Packages = self: with self; [ moinmoin ];
socket = "/run/uwsgi.sock";
socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
};
};
}
@ -89,24 +95,46 @@ in {
description = "Plugins used with uWSGI";
};
};
user = mkOption {
type = types.str;
default = "uwsgi";
description = "User account under which uwsgi runs.";
};
group = mkOption {
type = types.str;
default = "uwsgi";
description = "Group account under which uwsgi runs.";
};
};
};
config = mkIf cfg.enable {
systemd.services.uwsgi = {
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p ${cfg.runDir}
chown ${cfg.user}:${cfg.group} ${cfg.runDir}
'';
serviceConfig = {
Type = "notify";
ExecStart = "${uwsgi}/bin/uwsgi --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
ExecStart = "${uwsgi}/bin/uwsgi --uid ${cfg.user} --gid ${cfg.group} --json ${pkgs.writeText "uwsgi.json" (buildCfg cfg.instance)}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
NotifyAccess = "main";
KillSignal = "SIGQUIT";
};
};
users.extraUsers = optionalAttrs (cfg.user == "uwsgi") (singleton
{ name = "uwsgi";
group = cfg.group;
uid = config.ids.uids.uwsgi;
});
users.extraGroups = optionalAttrs (cfg.group == "uwsgi") (singleton
{ name = "uwsgi";
gid = config.ids.gids.uwsgi;
});
};
}
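Review bot: The new `preStart` script creates `${cfg.runDir}` with whatever mode the process umask yields and interpolates the path unquoted, so which accounts can reach the sockets placed there is left implicit, and a path containing whitespace would be split by the shell. This step appears to run as root, since no `User=` is set in `serviceConfig` and uwsgi drops privileges itself through `--uid`/`--gid`. The `chown` therefore also hands over any pre-existing directory that `runDir` is pointed at, which the option description should say. Consider a single explicit step such as `install -d -m 0750 -o ${cfg.user} -g ${cfg.group} "${cfg.runDir}"`, with the mode chosen to match the accounts that need to connect to the sockets. Separately, `runDir` is declared as `types.string` while `user` and `group` use `types.str`; `types.str` would be consistent and rejects conflicting definitions instead of concatenating them.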