diff options
author | Izorkin <izorkin@elven.pw> | 2019-02-25 17:08:01 +0300 |
---|---|---|
committer | Izorkin <izorkin@elven.pw> | 2019-03-16 19:54:21 +0300 |
commit | 42a99b1be2955eb007a199f319b3afa47d6da780 (patch) | |
tree | 5f56b1e302571625fc2b20d492ef95df0d38db81 /pkgs/servers | |
parent | 7ca00868ec0b8425122c755f892af003fc36019e (diff) | |
download | nixpkgs-42a99b1be2955eb007a199f319b3afa47d6da780.tar nixpkgs-42a99b1be2955eb007a199f319b3afa47d6da780.tar.gz nixpkgs-42a99b1be2955eb007a199f319b3afa47d6da780.tar.bz2 nixpkgs-42a99b1be2955eb007a199f319b3afa47d6da780.tar.lz nixpkgs-42a99b1be2955eb007a199f319b3afa47d6da780.tar.xz nixpkgs-42a99b1be2955eb007a199f319b3afa47d6da780.tar.zst nixpkgs-42a99b1be2955eb007a199f319b3afa47d6da780.zip |
nixos/unit: init service unit
Diffstat (limited to 'pkgs/servers')
-rw-r--r-- | pkgs/servers/http/unit/default.nix | 9 | ||||
-rw-r--r-- | pkgs/servers/http/unit/unit-rootless.patch | 24 |
2 files changed, 31 insertions, 2 deletions
diff --git a/pkgs/servers/http/unit/default.nix b/pkgs/servers/http/unit/default.nix index f250dd5e9bb..9efc1d64335 100644 --- a/pkgs/servers/http/unit/default.nix +++ b/pkgs/servers/http/unit/default.nix @@ -40,9 +40,14 @@ stdenv.mkDerivation rec { ++ optional withRuby ruby ++ optional withSSL openssl; + # Used patch to enable work with unprivileged user - https://github.com/nginx/unit/issues/228 + patches = [ ./unit-rootless.patch ]; + configureFlags = [ - "--control=unix:/run/control.unit.sock" - "--pid=/run/unit.pid" + "--control=unix:/run/unit/control.unit.sock" + "--pid=/run/unit/unit.pid" + "--user=unit" + "--group=unit" ] ++ optional withSSL [ "--openssl" ] ++ optional (!withIPv6) [ "--no-ipv6" ] ++ optional withDebug [ "--debug" ]; diff --git a/pkgs/servers/http/unit/unit-rootless.patch b/pkgs/servers/http/unit/unit-rootless.patch new file mode 100644 index 00000000000..36506847f91 --- /dev/null +++ b/pkgs/servers/http/unit/unit-rootless.patch @@ -0,0 +1,24 @@ +diff --git a/src/nxt_process.c b/src/nxt_process.c +index 5952029..7b29369 100644 +--- a/src/nxt_process.c ++++ b/src/nxt_process.c +@@ -136,7 +136,7 @@ nxt_process_start(nxt_task_t *task, nxt_process_t *process) + + nxt_random_init(&thread->random); + +- if (init->user_cred != NULL && getuid() == 0) { ++ if (init->user_cred != NULL) { + /* Super-user. */ + + ret = nxt_user_cred_set(task, init->user_cred); +@@ -434,9 +434,7 @@ nxt_user_cred_get(nxt_task_t *task, nxt_user_cred_t *uc, const char *group) + uc->base_gid = grp->gr_gid; + } + +- if (getuid() == 0) { + return nxt_user_groups_get(task, uc); +- } + + return NXT_OK; + } + |