nixos/nginx: move configuration testing script into reload command

nginx -t not only verifies configuration, but also creates (and chowns)
files. When the `nginx-config-reload` service is used, this can cause
directories to be chowned to `root`, causing nginx to fail.

This moves the nginx -t command into a second ExecReload command, which
runs as nginx's user. While fixing the above issue, this will also cause the
configuration to be verified when running `systemctl reload nginx`, not
only when restarting the dummy `nginx-config-reload` unit. The latter is
mostly a workaround for missing features in our activation script
anyways.
Florian Klink 2020-08-12 18:09:02 +02:00
parent e11d511222
commit 300049ca51


@ -704,7 +704,10 @@ in
''; '';
serviceConfig = { serviceConfig = {
ExecStart = execCommand; ExecStart = execCommand;
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = [
"${execCommand} -t"
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
];
Restart = "always"; Restart = "always";
RestartSec = "10s"; RestartSec = "10s";
StartLimitInterval = "1min"; StartLimitInterval = "1min";
@ -761,8 +764,7 @@ in
serviceConfig.TimeoutSec = 60; serviceConfig.TimeoutSec = 60;
script = '' script = ''
if /run/current-system/systemd/bin/systemctl -q is-active nginx.service ; then if /run/current-system/systemd/bin/systemctl -q is-active nginx.service ; then
${execCommand} -t && \ /run/current-system/systemd/bin/systemctl reload nginx.service
/run/current-system/systemd/bin/systemctl reload nginx.service
fi fi
''; '';
serviceConfig.RemainAfterExit = true; serviceConfig.RemainAfterExit = true;
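Review bot: The new `ExecReload` list in the `serviceConfig` hunk depends on two properties that are not written down next to it. systemd runs the entries in order and stops at the first one that fails, so a rejected config never reaches `kill -HUP`; and, per the commit message, `-t` now runs with the nginx unit's user instead of as root from `nginx-config-reload`. A comment above the list would keep a later edit from reordering the entries or adding a `-` prefix to the test command, for example `# Validate first: a failing -t aborts the reload before HUP is sent. Runs as the service user, so -t does not create root-owned files.` With the check removed from the `nginx-config-reload` script, the `nginx -t` diagnostics presumably end up in the journal of `nginx.service` rather than in that unit's own output, which is worth noting for operators debugging a failed activation.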