Merge pull request #63156 from Izorkin/phpfpm-rootless

phpfpm: do not run anything as root
author: Elis Hirwing <elis@hirwing.se> 2019-06-27 19:13:53 +0200
committer: GitHub <noreply@github.com> 2019-06-27 19:13:53 +0200
commit: b5478fd1a2ef442a54c36031bf3a27a96b5ea31c (patch)
tree: a898427ac474957a680888252c810e4bdfe37ecc /nixos/modules/services/web-apps/tt-rss.nix
parent: dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a (diff)
parent: eee87b460ea9a5a9e122dcc313fa20b9962872a5 (diff)
download: nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar
nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.gz
nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.bz2
nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.lz
nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.xz
nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.zst
nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.zip
1 files changed, 7 insertions, 5 deletions
diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix
index b882f6c2ae7..e59988ef7b2 100644
--- a/nixos/modules/services/web-apps/tt-rss.nix
+++ b/nixos/modules/services/web-apps/tt-rss.nix
@@ -512,12 +512,14 @@ let
 
     services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
       "${poolName}" = {
-        listen = "/var/run/phpfpm/${poolName}.sock";
+        socketName = "${poolName}";
+        phpPackage = pkgs.php;
+        user = "${config.services.nginx.user}";
+        group = "${config.services.nginx.group}";
         extraConfig = ''
-          listen.owner = nginx
-          listen.group = nginx
+          listen.owner = ${config.services.nginx.user}
+          listen.group = ${config.services.nginx.group}
           listen.mode = 0600
-          user = ${cfg.user}
           pm = dynamic
           pm.max_children = 75
           pm.start_servers = 10
@@ -543,7 +545,7 @@ let
           locations."~ \.php$" = {
             extraConfig = ''
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
-              fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.listen};
+              fastcgi_pass unix:/run/phpfpm-${poolName}/${poolName}.sock;
               fastcgi_index index.php;
             '';
           };
author	Elis Hirwing <elis@hirwing.se>	2019-06-27 19:13:53 +0200
committer	GitHub <noreply@github.com>	2019-06-27 19:13:53 +0200
commit	b5478fd1a2ef442a54c36031bf3a27a96b5ea31c (patch)
tree	a898427ac474957a680888252c810e4bdfe37ecc /nixos/modules/services/web-apps/tt-rss.nix
parent	dbb00bfcbfb291e79d4d2d512041656e6bcfcd9a (diff)
parent	eee87b460ea9a5a9e122dcc313fa20b9962872a5 (diff)
download	nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.gz nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.bz2 nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.lz nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.xz nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.tar.zst nixpkgs-b5478fd1a2ef442a54c36031bf3a27a96b5ea31c.zip