From d450085b21f46e716afdedbbb6719199def85d97 Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Fri, 13 Apr 2018 18:39:08 +0300 Subject: Stop running icinga2 as root (use fakeroot) --- modules/apps/icinga2.nix | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) (limited to 'modules/apps') diff --git a/modules/apps/icinga2.nix b/modules/apps/icinga2.nix index 6380f92..6141389 100644 --- a/modules/apps/icinga2.nix +++ b/modules/apps/icinga2.nix @@ -200,16 +200,6 @@ let ln -sf ${icingaMutableCheckCommand} \ ${cfg.stateDir}/etc/icinga2/conf.d/${cfg.mutable.checkCommand}.conf - # XXX: requires root (!?) - ${pkgs.icinga2}/bin/icinga2 api setup - ${pkgs.icinga2}/bin/icinga2 feature enable checker - ${pkgs.icinga2}/bin/icinga2 feature enable command - ${pkgs.icinga2}/bin/icinga2 feature enable livestatus - - ${optionalString cfg.notifications '' - ${pkgs.icinga2}/bin/icinga2 feature enable notification - ''} - rm -rf ${rundir} mkdir --mode=0755 -p ${rundir} mkdir --mode=2710 -p ${dirOf cfg.commandPipe} @@ -223,9 +213,18 @@ let start = pkgs.writeBashScriptBin "icinga2" '' set -euo pipefail - umask 0077 + # XXX Requires root for no fucking reason, see https://github.com/Icinga/icinga2/issues/4947 + ${pkgs.fakeroot}/bin/fakeroot ${pkgs.icinga2}/bin/icinga2 api setup + ${pkgs.fakeroot}/bin/fakeroot ${pkgs.icinga2}/bin/icinga2 feature enable checker + ${pkgs.fakeroot}/bin/fakeroot ${pkgs.icinga2}/bin/icinga2 feature enable command + ${pkgs.fakeroot}/bin/fakeroot ${pkgs.icinga2}/bin/icinga2 feature enable livestatus + + ${optionalString cfg.notifications '' + ${pkgs.fakeroot}/bin/fakeroot ${pkgs.icinga2}/bin/icinga2 feature enable notification + ''} + printf 'const TicketSalt = "%s"\n' "$(${pkgs.pwgen}/bin/pwgen -1 -s 23)" \ > ${cfg.stateDir}/etc/icinga2/conf.d/ticketsalt.conf -- cgit v1.2.3