author | Aaron Andersen <aaron@fosslib.net> | 2019-06-28 21:47:43 -0400 |
---|---|---|
committer | Aaron Andersen <aaron@fosslib.net> | 2019-06-28 21:47:43 -0400 |
commit | 278d867a9b50e2472b1724988363b26f8eea6bf7 (patch) | |
tree | 42366eff05fcae152a48d7eaa39ed6d1762096ff /nixos/modules/services/web-apps/matomo.nix | |
parent | 4b98e262a040f69197ad43cd4ec7f9106bf6495d (diff) | |
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless"
This reverts commit b5478fd1a2ef442a54c36031bf3a27a96b5ea31c, reversing changes made to dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a.
Diffstat (limited to 'nixos/modules/services/web-apps/matomo.nix')
-rw-r--r-- | nixos/modules/services/web-apps/matomo.nix | 38 |
1 files changed, 15 insertions, 23 deletions
diff --git a/nixos/modules/services/web-apps/matomo.nix b/nixos/modules/services/web-apps/matomo.nix
index e058c18ad87..14aca45a342 100644
--- a/nixos/modules/services/web-apps/matomo.nix
+++ b/nixos/modules/services/web-apps/matomo.nix
@@ -4,14 +4,13 @@ let
 cfg = config.services.matomo;
 user = "matomo";
- group = "matomo";
 dataDir = "/var/lib/${user}";
 deprecatedDataDir = "/var/lib/piwik";
 pool = user;
- # it's not possible to use /run/phpfpm-${pool}/${pool}.sock because /run/phpfpm/ is root:root 0770,
+ # it's not possible to use /run/phpfpm/${pool}.sock because /run/phpfpm/ is root:root 0770,
 # and therefore is not accessible by the web server.
- phpSocket = "/run/phpfpm-${pool}/${pool}.sock";
+ phpSocket = "/run/phpfpm-${pool}.sock";
 phpExecutionUnit = "phpfpm-${pool}";
 databaseService = "mysql.service";
@@ -138,12 +137,9 @@ in {
 isSystemUser = true;
 createHome = true;
 home = dataDir;
- group = "${group}";
+ group = user;
 };
- users.users.${config.services.nginx.user} = {
- extraGroups = [ "${group}" ];
- };
- users.groups.${group} = {};
+ users.groups.${user} = {};
 systemd.services.matomo-setup-update = {
 # everything needs to set up and up to date before Matomo php files are executed
@@ -173,7 +169,7 @@ in {
 echo "Migrating from ${deprecatedDataDir} to ${dataDir}"
 mv -T ${deprecatedDataDir} ${dataDir}
 fi
- chown -R ${user}:${group} ${dataDir}
+ chown -R ${user}:${user} ${dataDir}
 chmod -R ug+rwX,o-rwx ${dataDir}
 '';
 script = ''
@@ -229,26 +225,22 @@ in {
 serviceConfig.UMask = "0007";
 };
- services.phpfpm.pools = let
+ services.phpfpm.poolConfigs = let
 # workaround for when both are null and need to generate a string,
 # which is illegal, but as assertions apparently are being triggered *after* config generation,
 # we have to avoid already throwing errors at this previous stage.
 socketOwner = if (cfg.nginx != null) then config.services.nginx.user else if (cfg.webServerUser != null) then cfg.webServerUser else "";
 in {
- ${pool} = {
- socketName = "${pool}";
- phpPackage = pkgs.php;
- user = "${user}";
- group = "${group}";
- extraConfig = ''
- listen.owner = ${socketOwner}
- listen.group = ${group}
- listen.mode = 0600
- env[PIWIK_USER_PATH] = ${dataDir}
- ${cfg.phpfpmProcessManagerConfig}
- '';
- };
+ ${pool} = ''
+ listen = "${phpSocket}"
+ listen.owner = ${socketOwner}
+ listen.group = root
+ listen.mode = 0600
+ user = ${user}
+ env[PIWIK_USER_PATH] = ${dataDir}
+ ${cfg.phpfpmProcessManagerConfig}
+ '';
 }; |
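Review bot: The restored pool text sets `user = ${user}` but no `group`, so the group the workers run under is left to php-fpm's default rather than stated next to `listen.group = root`. The setup hunk keeps the data directory at `chown -R ${user}:${user}` with `chmod -R ug+rwX,o-rwx`, so access to it depends on that group being the matomo one; adding `group = ${user}` after the `user` line would pin it. The `socketOwner` fallback to `""` renders `listen.owner = ` with no value, and a one-line comment stating what php-fpm is expected to do with that under `listen.mode = 0600` would help the next reader; presumably the socket stays with the master's user and the web server cannot connect, but that is not visible here. The enclosing module body continues outside the hunk.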