28 lines
1.6 KiB
Markdown
28 lines
1.6 KiB
Markdown
# Configuration and Environment
|
|
|
|
CLI flags and environment variables
|
|
|
|
- `--sock` / `YANPM_AGENT_SOCK` (default: `./yanpm-agent.sock`)
|
|
- Path to the Unix socket file the agent will bind to.
|
|
- If the socket directory does not exist the agent attempts to create it and set mode `0770`.
|
|
|
|
- `--nginx-config-dir` / `YANPM_NGINX_CONFIG_DIR` (default: `/etc/nginx/conf.d`)
|
|
- Directory where nginx fragments are written. The agent writes fragments into a subdirectory named by the agent (internal use).
|
|
|
|
- `--sock-perm` / `YANPM_AGENT_SOCK_PERM` (default: `660`)
|
|
- A 3-digit octal permission string applied to the socket file (best-effort). The program validates this is a 3-digit octal string.
|
|
- If the final digit is greater than `0` a warning is logged because that allows "others" access.
|
|
|
|
- `--sock-gid` / `YANPM_AGENT_SOCK_GID` (default: current user's primary group)
|
|
- GID to set on the socket file (best-effort).
|
|
|
|
Validation rules and behavior
|
|
|
|
- `sock_perm` must be exactly 3 octal digits (characters 0-7). The agent rejects invalid values at startup.
|
|
- When an existing path exists at the socket location the agent verifies it is a unix socket; if so it removes it before binding. If the path exists and is not a socket, startup fails.
|
|
- Setting permissions (`set_permissions`) and changing GID (`chown`) are attempted but non-fatal: failures are logged as warnings and the agent continues.
|
|
|
|
Notes about nginx config directory
|
|
|
|
- The agent writes fragments into a subdirectory (internal) of the configured `nginx_config_dir`. Ensure nginx is configured to include that subdirectory so fragments are picked up, or use `write_config` then trigger a reload.
|