authorJean-Baptiste Giraudeau2024-09-09 15:20:59 +0200
committerJean-Baptiste Giraudeau2024-09-10 13:13:28 +0200
commit432bfec0264157e5485768897a70b5193c2015a7 (patch)
treea690a6401c0591a1ff91e9d593186e151da70cd0
parent58ec2867859613da33cf08e674f70224335c42eb (diff)
nixos/gancio: use unix socket between nginx and gancio
-rw-r--r--nixos/modules/services/web-apps/gancio.nix25
-rw-r--r--nixos/tests/gancio.nix2
2 files changed, 13 insertions, 14 deletions
diff --git a/nixos/modules/services/web-apps/gancio.nix b/nixos/modules/services/web-apps/gancio.nix
index 893f5702518a..5f14ff46cb19 100644
--- a/nixos/modules/services/web-apps/gancio.nix
+++ b/nixos/modules/services/web-apps/gancio.nix
@@ -59,19 +59,12 @@ in
             description = "The URL path under which the server is reachable.";
           };
           server = {
-            host = mkOption {
-              type = types.str;
-              default = "localhost";
-              example = "::";
-              description = ''
-                The address (IPv4, IPv6 or DNS) for the gancio server to listen on.
-              '';
-            };
-            port = mkOption {
-              type = types.port;
-              default = 13120;
+            socket = mkOption {
+              type = types.path;
+              readOnly = true;
+              default = "/run/gancio/socket";
               description = ''
-                Port number of the gancio server to listen on.
+                The unix socket for the gancio server to listen on.
               '';
             };
           };
@@ -231,6 +224,10 @@ in
 
         serviceConfig = {
           ExecStart = "${getExe cfg.package} start ${configFile}";
+          # set umask so that nginx can write to the server socket
+          # FIXME: upstream socket permission configuration in Nuxt
+          UMask = "0002";
+          RuntimeDirectory = "gancio";
           StateDirectory = "gancio";
           WorkingDirectory = "/var/lib/gancio";
           LogsDirectory = "gancio";
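Review bot: `UMask = "0002"` is service-wide, so it loosens every file gancio creates — the state under `/var/lib/gancio`, uploads and logs — to group-writable, not just the socket in `/run/gancio`; combined with nginx being added to gancio's group elsewhere in this commit, that hands nginx group-write on the whole state tree. If the umask must stay until the upstream socket-permission fix the FIXME mentions lands, at least tighten the socket's directory so the group is the only extra party that can traverse it, e.g. `RuntimeDirectoryMode = "0750";`, and spell the blast radius out in the comment: `# NOTE: UMask applies to all files this service creates (state, logs, uploads), not only the socket`. Whether gancio creates the socket with mode 0777 before the umask is applied is not visible here; if it does not, the umask alone may not yield a group-writable socket and a post-start `chmod` would be the safer option.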
@@ -274,12 +271,14 @@ in
             };
             "@proxy" = {
               proxyWebsockets = true;
-              proxyPass = "http://${cfg.settings.server.host}:${toString cfg.settings.server.port}";
+              proxyPass = "http://unix:${cfg.settings.server.socket}";
               recommendedProxySettings = true;
             };
           };
         }
       ];
     };
+    # for nginx to access gancio socket
+    users.users."${config.services.nginx.user}".extraGroups = [ config.users.users.${cfg.user}.group ];
   };
 }
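Review bot: Adding the nginx user to gancio's primary group is broader than "access to the socket": any file gancio creates group-readable or, with the `UMask = "0002"` set in this commit, group-writable becomes reachable from the nginx worker, which is the process that faces untrusted HTTP clients. If `/var/lib/gancio` holds secrets or the SQLite/upload data, consider instead a dedicated socket group (or `RuntimeDirectoryMode`/`chmod` on the socket path only) so nginx gains nothing beyond `/run/gancio/socket`. The comment should record the assumption the line relies on, e.g. `# nginx needs group access to ${cfg.settings.server.socket}; requires gancio's UMask/RuntimeDirectoryMode to keep the socket group-writable`. Also note that `config.users.users.${cfg.user}.group` evaluates the group of whatever `cfg.user` is set to, so a user-overridden `services.gancio.user` with a shared primary group (e.g. `users`) would add nginx to that shared group.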
diff --git a/nixos/tests/gancio.nix b/nixos/tests/gancio.nix
index 1dc5fd8b5606..8f4696d6f6cc 100644
--- a/nixos/tests/gancio.nix
+++ b/nixos/tests/gancio.nix
@@ -71,7 +71,7 @@ import ./make-test-python.nix (
       server.wait_for_unit("postgresql")
       server.wait_for_unit("gancio")
       server.wait_for_unit("nginx")
-      server.wait_for_open_port(13120)
+      server.wait_for_file("/run/gancio/socket")
       server.wait_for_open_port(80)
 
       # Check can create user via cli
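Review bot: `wait_for_file("/run/gancio/socket")` only proves the socket node exists, not that nginx can connect to it — which is exactly the property the new `UMask`/group plumbing in this commit is meant to provide and the most likely thing to regress. Add a check on the socket's permissions right after the wait, e.g. `server.succeed("stat -c '%a %G' /run/gancio/socket")` followed by an assertion that the mode is group-writable and the group is gancio's (the exact expected mode depends on the mode gancio itself creates the socket with, which is not visible here, so pin whatever the test run shows). A request through port 80 that reaches the backend (rather than a 502) would cover the same thing end to end, if the rest of this test does not already do so.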