From 041cbd860df7c72bd3272784caad9ab8b373e084 Mon Sep 17 00:00:00 2001
From: talyz
Date: Sun, 27 Oct 2019 12:04:09 +0100
Subject: [PATCH] nixos/gitlab: Abort on error and use of unset variables

Default behavior is to continue executing the script even when one or multiple steps fail. We want to abort early if any part of the initialization fails to not run with a partially initialized state. Default behavior also allows dereferencing non-existent variables, potentially resulting in hard-to-find bugs.
---
 nixos/modules/services/misc/gitlab.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix
index 6ee35aaca56..dd92eb99940 100644
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -608,6 +608,8 @@ in {
 # objects owners and extensions; for now we tack on what's needed
 # here.
 systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally ''
+ set -eu
+
 $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
 current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
 if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
@@ -781,10 +783,14 @@ in {
 ExecStartPre = let
 preStartFullPrivileges = ''
 shopt -s dotglob nullglob
+ set -eu
+
 chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
 chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
 '';
 preStart = ''
+ set -eu
+
 cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
 rm -rf ${cfg.statePath}/db/*
 rm -rf ${cfg.statePath}/config/initializers/*
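Review bot: The `set -e` added at the top of this postStart fragment does not reach the first command under it: in `$PSQL -tAc "SELECT 1 …" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE …'` the pipeline takes grep's exit status, so a failed `$PSQL` query is indistinguishable from "database does not exist" and the script goes on to attempt `CREATE DATABASE`. The line after it already uses a form where `-e` does apply (`current_owner=$($PSQL …)`), so the existence check could follow it: `db_exists=$($PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'")` and then `[[ "$db_exists" == 1 ]] || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'`. Because the fragment is appended to the postgresql unit's script with `mkAfter`, the options presumably stay in effect for anything merged after it, and `-u` relies on `$PSQL` having been set by an earlier fragment; a one-line comment above `set -eu` saying so would help. The fragment continues past the end of the hunk.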
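Review bot: With `nullglob` set on the line above it, the new `set -e` in `preStartFullPrivileges` turns an empty glob match into a start failure: if `'${cfg.statePath}'/*` or `'${cfg.statePath}'/config/*` expands to nothing, `chown` is called without a file operand, exits non-zero, and the unit aborts. Whether those directories are always populated before this script runs is not visible in the hunk; if that is not guaranteed, `find '${cfg.statePath}' -mindepth 1 -maxdepth 1 -exec chown --no-dereference '${cfg.user}':'${cfg.group}' {} +` (and the same for `config`) does nothing on an empty directory. In `preStart` the `cp` and `rm -rf` operands are unquoted while the `chown` lines quote theirs; quoting `${cfg.statePath}` there as well keeps `rm -rf` from word-splitting a path that contains spaces. `preStart` continues past the end of the hunk.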