nixos/ihatemoney: run uwsgi emperor as normal user

rnhmjoj 2021-01-10 19:13:12 +01:00
parent c00240e41e
commit 5597f6ded8
No known key found for this signature in database
GPG key ID: BFBAF4C975F76450


@ -44,7 +44,7 @@ let
in in
{ {
options.services.ihatemoney = { options.services.ihatemoney = {
enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode running as root"; enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode";
backend = mkOption { backend = mkOption {
type = types.enum [ "sqlite" "postgresql" ]; type = types.enum [ "sqlite" "postgresql" ];
default = "sqlite"; default = "sqlite";
@ -116,16 +116,13 @@ in
services.uwsgi = { services.uwsgi = {
enable = true; enable = true;
plugins = [ "python3" ]; plugins = [ "python3" ];
# the vassal needs to be able to setuid
user = "root";
group = "root";
instance = { instance = {
type = "emperor"; type = "emperor";
vassals.ihatemoney = { vassals.ihatemoney = {
type = "normal"; type = "normal";
strict = true; strict = true;
uid = user; immediate-uid = user;
gid = group; immediate-gid = group;
# apparently flask uses threads: https://github.com/spiral-project/ihatemoney/commit/c7815e48781b6d3a457eaff1808d179402558f8c # apparently flask uses threads: https://github.com/spiral-project/ihatemoney/commit/c7815e48781b6d3a457eaff1808d179402558f8c
enable-threads = true; enable-threads = true;
module = "wsgi:application"; module = "wsgi:application";
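Review bot: The vassal's switch to `immediate-uid = user;` / `immediate-gid = group;` now depends on a non-root emperor still being permitted to change uid/gid, and nothing in this section states or checks that. The removed comment "the vassal needs to be able to setuid" was the only explanation of the privilege model, and the new lines carry none. I would add a comment above `immediate-uid`, such as `# drop to the ihatemoney user as early as possible; the emperor is no longer root, so this relies on the uwsgi service granting it CAP_SETUID/CAP_SETGID`, after confirming that is how the uwsgi module is set up. It is also worth confirming that a vassal which cannot switch identity fails to start rather than continuing as the emperor's user. The `services.uwsgi` block continues past the end of this hunk, so the rest of the vassal configuration was not reviewed.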