nixos/fcgiwrap: refactor to fix permissions #318599
Commits on Jun 22, 2024
nixos/fcgiwrap: refactor for multiple instances
This allows configuring and starting independent instances of the fcgiwrap service, each with their own settings and running user, instead of having to share a global one. I could not use `mkRenamedOptionModule` on the previous options because the aliases conflict with `attrsOf submodule` now defined at `services.fcgiwrap`. This makes this change not backward compatible.
Commit 41419ca
nixos/fcgiwrap: adapt consumer modules and tests
This also fixes the gitolite-fcgiwrap test by running git through fcgiwrap as the proper user.
Commit bf2ad6f
nixos/fcgiwrap: group options logically, fix doc
Since we're already introducing a backward-incompatible change in the previous commit, let's make the options more tidy, also preparing for the introduction of more options. This also fixes the documentation of the user and group options, which apply to the service's running user, not the socket.
Commit 022289f
Commit 8101ae4
Commit 3955eaf
Commit 289c158
nixos/fcgiwrap: add unix socket owner, private by default
This adds a few options to properly set the ownership and permissions on UNIX local sockets, set to private by default. Previously, the created UNIX local sockets could be used by any local user. This was especially problematic when fcgiwrap is running as root (the default).
Commit 81f7201
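The exposure that the message for commit 81f7201 describes can be checked from the socket file's mode bits. The following is an added example, not code from this pull request: it assumes Linux, where connecting to a UNIX socket requires write permission on the socket file, and the socket names and the modes 0666 and 0600 are constructed stand-ins for "usable by any local user" and "private".

```python
import os
import socket
import stat
import tempfile


def bind_unix_socket(path, mode):
    """Listen on a UNIX socket whose file is never looser than `mode`."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o777)  # create the socket file with no permission bits
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)  # then grant exactly the requested bits
    srv.listen(1)
    return srv


def audit(path):
    """Report which permission classes may connect to the socket at `path`."""
    # Assumption: Linux semantics; parent directory permissions are not checked.
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")
    bits = (("owner", stat.S_IWUSR), ("group", stat.S_IWGRP), ("other", stat.S_IWOTH))
    allowed = [name for name, bit in bits if st.st_mode & bit]
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "connect": allowed,
        "world_accessible": "other" in allowed,
    }


def demo():
    """Constructed sockets: 0666 (any local user) versus 0600 (owner only)."""
    with tempfile.TemporaryDirectory() as tmp:
        targets = {os.path.join(tmp, "open.sock"): 0o666,
                   os.path.join(tmp, "private.sock"): 0o600}
        servers = [bind_unix_socket(p, m) for p, m in targets.items()]
        try:
            return [audit(p) for p in targets]
        finally:
            for s in servers:
                s.close()


if __name__ == "__main__":
    for report in demo():
        print(report)
```

A socket reported as `world_accessible` lets every local account submit requests to whatever user the listening service runs as.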
Commit c5dc3e2
nixos/fcgiwrap: do not run as root by default
Use a dynamic user instead unless one is specified.
Commit 51b246a
nixos/cgit: configurable user instead of root
This allows running cgit instances using dedicated users instead of root. This is now set to "cgit" by default.
Commit 2d8626b
nixos/cgit: fix GIT_PROJECT_ROOT ownership
The GIT_PROJECT_ROOT directory is now created at runtime instead of being assembled at build time. This fixes ownership issues which prevented those repositories from being read by users other than root. This also avoids creating symlinks in the nix store pointing to the outside.
Commit 3d10deb