diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2018-01-03 12:10:45 +0100 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2018-01-03 12:33:36 +0100 |
| commit | c9c8a2c5b3b72668656add5409853db8e15ea99d (patch) | |
| tree | 0aa282eca08700f8ac99bc5a56a1dcbd3249b774 /nixos | |
| parent | eb6db32d015397f24bd623a60e7e53e37ffe2258 (diff) | |
| download | nixpkgs-c9c8a2c5b3b72668656add5409853db8e15ea99d.tar nixpkgs-c9c8a2c5b3b72668656add5409853db8e15ea99d.tar.gz nixpkgs-c9c8a2c5b3b72668656add5409853db8e15ea99d.tar.bz2 nixpkgs-c9c8a2c5b3b72668656add5409853db8e15ea99d.tar.lz nixpkgs-c9c8a2c5b3b72668656add5409853db8e15ea99d.tar.xz nixpkgs-c9c8a2c5b3b72668656add5409853db8e15ea99d.tar.zst nixpkgs-c9c8a2c5b3b72668656add5409853db8e15ea99d.zip | |
nixos/memcached: make unix sockets usuable
before:
- /var/run/memcached is a bad default for a socket path, since its
parent directory must be writeable by memcached.
- Socket directory was not created by the module itself -> this was
left as a burden to the user?
- Having a static uid with a dynamic user name is not very useful.
after:
- Replace services.memcached.socket by a boolean flag. This simplifies
our code, since we do not have to check if the user specifies a
path with a parent directory that should be owned by memcached
(/run/memcached/memcached.sock -> /run/memcached).
- Remove fixed uid/gid allocation. The only file ever owned by the
daemon is the socket that will be recreated on every start.
Therefore user and group ids do not need to be static.
- only create the memcached user, if the user has not specified a
different one. The major use case for changing option is to allow
existing services (such as php-fpm) opening the local unix socket.
If we would unconditionally create a user that option would be
useless.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1803.xml | 8 | ||||
| -rw-r--r-- | nixos/modules/misc/ids.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/services/databases/memcached.nix | 57 |
3 files changed, 41 insertions, 28 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index 3dc4c353e25..0ab119232ee 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -131,6 +131,14 @@ following incompatible changes:</para> Other types dependencies should be unaffected. </para> </listitem> + <listitem> + <para> + The <literal>memcached</literal> service no longer accept dynamic socket + paths via <option>services.memcached.socket</option>. Unix sockets can be + still enabled by <option>services.memcached.enableUnixSocket</option> and + will be accessible at <literal>/run/memcached/memcached.sock</literal>. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 579a3f6393c..d0cd32cb904 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -197,7 +197,7 @@ #input = 174; # unused sddm = 175; tss = 176; - memcached = 177; + #memcached = 177; removed 2018-01-03 ntp = 179; zabbix = 180; redis = 181; @@ -475,7 +475,7 @@ input = 174; sddm = 175; tss = 176; - #memcached = 177; # unused + #memcached = 177; # unused, removed 2018-01-03 #ntp = 179; # unused #zabbix = 180; # unused #redis = 181; # unused diff --git a/nixos/modules/services/databases/memcached.nix b/nixos/modules/services/databases/memcached.nix index c6875af506d..46bc6fc5c13 100644 --- a/nixos/modules/services/databases/memcached.nix +++ b/nixos/modules/services/databases/memcached.nix @@ -40,11 +40,7 @@ in description = "The port to bind to"; }; - socket = mkOption { - default = ""; - description = "Unix socket path to listen on. Setting this will disable network support"; - example = "/var/run/memcached"; - }; + enableUnixSocket = mkEnableOption "unix socket at /run/memcached/memcached.sock"; maxMemory = mkOption { default = 64; @@ -68,31 +64,40 @@ in config = mkIf config.services.memcached.enable { - users.extraUsers.memcached = - { name = cfg.user; - uid = config.ids.uids.memcached; - description = "Memcached server user"; - }; + users.extraUsers = optional (cfg.user == "memcached") { + name = "memcached"; + description = "Memcached server user"; + }; environment.systemPackages = [ memcached ]; - systemd.services.memcached = - { description = "Memcached server"; - - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - ExecStart = - let - networking = if cfg.socket != "" - then "-s ${cfg.socket}" - else "-l ${cfg.listen} -p ${toString cfg.port}"; - in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}"; - - User = cfg.user; - }; + systemd.services.memcached = { + description = "Memcached server"; + + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + PermissionsStartOnly = true; + ExecStartPre = optionals cfg.enableUnixSocket [ + "${pkgs.coreutils}/bin/install -d -o ${cfg.user} /run/memcached/" + "${pkgs.coreutils}/bin/chown -R ${cfg.user} /run/memcached/" + ]; + ExecStart = + let + networking = if cfg.enableUnixSocket + then "-s /run/memcached/memcached.sock" + else "-l ${cfg.listen} -p ${toString cfg.port}"; + in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}"; + + User = cfg.user; }; + }; }; + imports = [ + (mkRemovedOptionModule ["services" "memcached" "socket"] '' + This option was replaced by a fixed unix socket path at /run/memcached/memcached.sock enabled using services.memached.enableUnixSocket. + '') + ]; } |