diff options
author | rnhmjoj <rnhmjoj@inventati.org> | 2021-01-10 19:13:12 +0100 |
---|---|---|
committer | rnhmjoj <rnhmjoj@inventati.org> | 2021-01-10 19:26:42 +0100 |
commit | 5597f6ded8bf15a1b51dc717a9bf4611abf3435a (patch) | |
tree | f2319351abdc4cbbaacee346be3807ad96ee551e | |
parent | c00240e41e89becffe6f05a2df5f781ab76f863f (diff) | |
download | nixpkgs-5597f6ded8bf15a1b51dc717a9bf4611abf3435a.tar nixpkgs-5597f6ded8bf15a1b51dc717a9bf4611abf3435a.tar.gz nixpkgs-5597f6ded8bf15a1b51dc717a9bf4611abf3435a.tar.bz2 nixpkgs-5597f6ded8bf15a1b51dc717a9bf4611abf3435a.tar.lz nixpkgs-5597f6ded8bf15a1b51dc717a9bf4611abf3435a.tar.xz nixpkgs-5597f6ded8bf15a1b51dc717a9bf4611abf3435a.tar.zst nixpkgs-5597f6ded8bf15a1b51dc717a9bf4611abf3435a.zip |
nixos/ihatemoney: run uwsgi emperor as normal user
-rw-r--r-- | nixos/modules/services/web-apps/ihatemoney/default.nix | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/nixos/modules/services/web-apps/ihatemoney/default.nix b/nixos/modules/services/web-apps/ihatemoney/default.nix index 68769ac8c03..b4987fa4702 100644 --- a/nixos/modules/services/web-apps/ihatemoney/default.nix +++ b/nixos/modules/services/web-apps/ihatemoney/default.nix @@ -44,7 +44,7 @@ let in { options.services.ihatemoney = { - enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode running as root"; + enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode"; backend = mkOption { type = types.enum [ "sqlite" "postgresql" ]; default = "sqlite"; @@ -116,16 +116,13 @@ in services.uwsgi = { enable = true; plugins = [ "python3" ]; - # the vassal needs to be able to setuid - user = "root"; - group = "root"; instance = { type = "emperor"; vassals.ihatemoney = { type = "normal"; strict = true; - uid = user; - gid = group; + immediate-uid = user; + immediate-gid = group; # apparently flask uses threads: https://github.com/spiral-project/ihatemoney/commit/c7815e48781b6d3a457eaff1808d179402558f8c enable-threads = true; module = "wsgi:application"; |