ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2025-01-08 22:57:42 +03:00
Code Issues Projects Releases Wiki Activity

nixos/uhub: fix plugins, set CAP_NET_BIND_SERVICE

Browse Source 
Fix generation of the plugins configuration and allow binding to
"privileged" ports.
This commit is contained in:
Emery Hemingway 2022-06-05 11:14:37 -05:00 committed by ehmry
parent bad676c7ed
commit 2d012163f2
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/misc/uhub.nix
View File

@ -80,11 +80,12 @@ in {
tls_enable = cfg.enableTLS; tls_enable = cfg.enableTLS;
file_plugins = pkgs.writeText "uhub-plugins.conf" file_plugins = pkgs.writeText "uhub-plugins.conf"
(lib.strings.concatStringsSep "\n" (map ({ plugin, settings }: (lib.strings.concatStringsSep "\n" (map ({ plugin, settings }:
"plugin ${plugin} ${ ''
toString plugin ${plugin} "${
(lib.attrsets.mapAttrsToList (key: value: ''"${key}=${value}"'') toString
settings) (lib.attrsets.mapAttrsToList (key: value: "${key}=${value}")
}") cfg.plugins)); settings)
}"'') cfg.plugins));
}; };
in { in {
name = "uhub/${name}.conf"; name = "uhub/${name}.conf";
@ -104,6 +105,9 @@ in {
ExecStart = "${pkg}/bin/uhub -c /etc/uhub/${name}.conf -L"; ExecStart = "${pkg}/bin/uhub -c /etc/uhub/${name}.conf -L";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
DynamicUser = true; DynamicUser = true;
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
}; };
}; };
}) hubs; }) hubs;