author | Elis Hirwing <elis@hirwing.se> | 2019-06-27 19:13:53 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-27 19:13:53 +0200 |
commit | b5478fd1a2ef442a54c36031bf3a27a96b5ea31c (patch) | |
tree | a898427ac474957a680888252c810e4bdfe37ecc /nixos/modules/services/mail | |
parent | dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a (diff) | |
parent | eee87b460ea9a5a9e122dcc313fa20b9962872a5 (diff) | |
Merge pull request #63156 from Izorkin/phpfpm-rootless
phpfpm: do not run anything as root
Diffstat (limited to 'nixos/modules/services/mail')
-rw-r--r-- | nixos/modules/services/mail/roundcube.nix | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/nixos/modules/services/mail/roundcube.nix b/nixos/modules/services/mail/roundcube.nix
index e8b2e11bf72..12837f7efe7 100644
--- a/nixos/modules/services/mail/roundcube.nix
+++ b/nixos/modules/services/mail/roundcube.nix
@@ -105,7 +105,7 @@ in
 extraConfig = ''
 location ~* \.php$ {
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/phpfpm/roundcube;
+ fastcgi_pass unix:/run/phpfpm-roundcube/roundcube.sock;
 include ${pkgs.nginx}/conf/fastcgi_params;
 include ${pkgs.nginx}/conf/fastcgi.conf;
 }
@@ -119,24 +119,28 @@ in
 enable = true;
 };
- services.phpfpm.poolConfigs.roundcube = ''
- listen = /run/phpfpm/roundcube
- listen.owner = nginx
- listen.group = nginx
- listen.mode = 0660
- user = nginx
- pm = dynamic
- pm.max_children = 75
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 20
- pm.max_requests = 500
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- php_admin_value[post_max_size] = 25M
- php_admin_value[upload_max_filesize] = 25M
- catch_workers_output = yes
- '';
+ services.phpfpm.pools.roundcube = {
+ socketName = "roundcube";
+ phpPackage = pkgs.php;
+ user = "${config.services.nginx.user}";
+ group = "${config.services.nginx.group}";
+ extraConfig = ''
+ listen.owner = ${config.services.nginx.user}
+ listen.group = ${config.services.nginx.group}
+ listen.mode = 0600
+ pm = dynamic
+ pm.max_children = 75
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 20
+ pm.max_requests = 500
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ php_admin_value[post_max_size] = 25M
+ php_admin_value[upload_max_filesize] = 25M
+ catch_workers_output = yes
+ '';
+ };
 systemd.services.phpfpm-roundcube.after = [ "roundcube-setup.service" ];
 systemd.services.roundcube-setup = let |
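Review bot: The pool's workers still run under the web server's own account (`user = "${config.services.nginx.user}";` and the matching `group` line in the second hunk), so Roundcube's PHP code shares nginx's uid and whatever that account can read or connect to. Because the socket is already restricted through `listen.owner` and `listen.mode = 0600`, the pool could run as a dedicated account, for example `user = "roundcube";`, with `listen.owner` left as the nginx user, which keeps nginx able to connect while separating the application from the server. That account would have to be declared, and any ownership assumed by `roundcube-setup`, whose definition continues outside this hunk, would need checking. As a smaller style point, `"${config.services.nginx.user}"` is a redundant interpolation; `config.services.nginx.user` alone is enough.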