public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #80904 from talyz/haproxy-fixes

Browse Source 
nixos/haproxy: Revive the haproxy user and group
This commit is contained in:
Jörg Thalheim 2020-03-11 22:23:13 +00:00 committed by GitHub
commit 9aa23e31b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/misc/ids.nix
View File

@ -133,7 +133,7 @@ in
tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice. tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
firebird = 95; firebird = 95;
#keys = 96; # unused #keys = 96; # unused
#haproxy = 97; # DynamicUser as of 2019-11-08 #haproxy = 97; # dynamically allocated as of 2020-03-11
mongodb = 98; mongodb = 98;
openldap = 99; openldap = 99;
#users = 100; # unused #users = 100; # unused
@ -448,7 +448,7 @@ in
#tcpcryptd = 93; # unused #tcpcryptd = 93; # unused
firebird = 95; firebird = 95;
keys = 96; keys = 96;
#haproxy = 97; # DynamicUser as of 2019-11-08 #haproxy = 97; # dynamically allocated as of 2020-03-11
#mongodb = 98; # unused #mongodb = 98; # unused
openldap = 99; openldap = 99;
munin = 102; munin = 102;

26
nixos/modules/services/networking/haproxy.nix
View File

@ -26,6 +26,18 @@ with lib;
''; '';
}; };
user = mkOption {
type = types.str;
default = "haproxy";
description = "User account under which haproxy runs.";
};
group = mkOption {
type = types.str;
default = "haproxy";
description = "Group account under which haproxy runs.";
};
config = mkOption { config = mkOption {
type = types.nullOr types.lines; type = types.nullOr types.lines;
default = null; default = null;
@ -49,7 +61,8 @@ with lib;
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
DynamicUser = true; User = cfg.user;
Group = cfg.group;
Type = "notify"; Type = "notify";
# when running the config test, don't be quiet so we can see what goes wrong # when running the config test, don't be quiet so we can see what goes wrong
ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -f ${haproxyCfg}"; ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -f ${haproxyCfg}";
@ -60,5 +73,16 @@ with lib;
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
}; };
}; };
users.users = optionalAttrs (cfg.user == "haproxy") {
haproxy = {
group = cfg.group;
isSystemUser = true;
};
};
users.groups = optionalAttrs (cfg.group == "haproxy") {
haproxy = {};
};
}; };
} }