nixos/uhub: fix plugins, set CAP_NET_BIND_SERVICE

Fix generation of the plugins configuration and allow binding to
"privileged" ports.
main
Emery Hemingway 2 years ago committed by ehmry
parent bad676c7ed
commit 2d012163f2
  1. 14
      nixos/modules/services/misc/uhub.nix

@ -80,11 +80,12 @@ in {
tls_enable = cfg.enableTLS;
file_plugins = pkgs.writeText "uhub-plugins.conf"
(lib.strings.concatStringsSep "\n" (map ({ plugin, settings }:
"plugin ${plugin} ${
toString
(lib.attrsets.mapAttrsToList (key: value: ''"${key}=${value}"'')
settings)
}") cfg.plugins));
''
plugin ${plugin} "${
toString
(lib.attrsets.mapAttrsToList (key: value: "${key}=${value}")
settings)
}"'') cfg.plugins));
};
in {
name = "uhub/${name}.conf";
@ -104,6 +105,9 @@ in {
ExecStart = "${pkg}/bin/uhub -c /etc/uhub/${name}.conf -L";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
DynamicUser = true;
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
};
};
}) hubs;
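Review bot: `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` in the second hunk is set unconditionally for every hub, so a hub configured on a port of 1024 or above runs with a capability it never uses. Consider granting it only when needed, e.g. `AmbientCapabilities = lib.optional (PORT_OPTION < 1024) "CAP_NET_BIND_SERVICE";`, where PORT_OPTION is a placeholder for the module's port setting, which is not visible in this hunk. Restricting `CapabilityBoundingSet` to that single capability is a sound choice; a short comment such as `# needed only to bind ports below 1024` would record why it is granted. The enclosing service configuration starts outside the hunk, so other hardening options may already be set there.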
