Merge pull request #61923 from aanderse/gitea

nixos/gitea: make use of declarative features where applicable
Maximilian Bosch 2019-06-13 01:01:18 +02:00 committed by GitHub
commit 401360e15b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 52 additions and 54 deletions


@ -159,7 +159,8 @@ in
socket = mkOption { socket = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
defaultText = "null";
example = "/run/mysqld/mysqld.sock"; example = "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication."; description = "Path to the unix socket file to use for authentication.";
}; };
@ -173,10 +174,7 @@ in
createDatabase = mkOption { createDatabase = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = "Whether to create a local database automatically.";
Whether to create a local postgresql database automatically.
This only applies if database type "postgres" is selected.
'';
}; };
}; };
@ -277,7 +275,46 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.postgresql.enable = mkIf usePostgresql (mkDefault true); assertions = [
{ assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
}
];
services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
enable = mkDefault true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
};
services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
};
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${cfg.user} gitea - -"
"d '${cfg.stateDir}/conf' - ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom/conf' - ${cfg.user} gitea - -"
"d '${cfg.repositoryRoot}' - ${cfg.user} gitea - -"
"Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
# If we have a folder or symlink with gitea locales, remove it
# And symlink the current gitea locales in place
"L+ '${cfg.stateDir}/conf/locale' - - - - ${gitea.out}/locale"
];
systemd.services.gitea = { systemd.services.gitea = {
description = "gitea"; description = "gitea";
@ -289,12 +326,8 @@ in
runConfig = "${cfg.stateDir}/custom/conf/app.ini"; runConfig = "${cfg.stateDir}/custom/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key"; secretKey = "${cfg.stateDir}/custom/conf/secret_key";
in '' in ''
# Make sure that the stateDir exists, as well as the conf dir in there
mkdir -p ${cfg.stateDir}/conf
# copy custom configuration and generate a random secret key if needed # copy custom configuration and generate a random secret key if needed
${optionalString (cfg.useWizard == false) '' ${optionalString (cfg.useWizard == false) ''
mkdir -p ${cfg.stateDir}/custom/conf
cp -f ${configFile} ${runConfig} cp -f ${configFile} ${runConfig}
if [ ! -e ${secretKey} ]; then if [ ! -e ${secretKey} ]; then
@ -309,7 +342,6 @@ in
chmod 640 ${runConfig} ${secretKey} chmod 640 ${runConfig} ${secretKey}
''} ''}
mkdir -p ${cfg.repositoryRoot}
# update all hooks' binary paths # update all hooks' binary paths
HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 6 -type f -wholename "*git/hooks/*") HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 6 -type f -wholename "*git/hooks/*")
if [ "$HOOKS" ] if [ "$HOOKS" ]
@ -319,43 +351,19 @@ in
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/bash,${pkgs.bash}/bin/bash,g' $HOOKS sed -ri 's,/nix/store/[a-z0-9.-]+/bin/bash,${pkgs.bash}/bin/bash,g' $HOOKS
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/perl,${pkgs.perl}/bin/perl,g' $HOOKS sed -ri 's,/nix/store/[a-z0-9.-]+/bin/perl,${pkgs.perl}/bin/perl,g' $HOOKS
fi fi
# If we have a folder or symlink with gitea locales, remove it
if [ -e ${cfg.stateDir}/conf/locale ]
then
rm -r ${cfg.stateDir}/conf/locale
fi
# And symlink the current gitea locales in place
ln -s ${gitea.out}/locale ${cfg.stateDir}/conf/locale
# update command option in authorized_keys # update command option in authorized_keys
if [ -r ${cfg.stateDir}/.ssh/authorized_keys ] if [ -r ${cfg.stateDir}/.ssh/authorized_keys ]
then then
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys
fi fi
'' + optionalString (usePostgresql && cfg.database.createDatabase) ''
if ! test -e "${cfg.stateDir}/db-created"; then
echo "CREATE ROLE ${cfg.database.user}
WITH ENCRYPTED PASSWORD '$(head -n1 ${cfg.database.passwordFile})'
NOCREATEDB NOCREATEROLE LOGIN" |
${pkgs.sudo}/bin/sudo -u ${pg.superUser} ${pg.package}/bin/psql
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createdb \
--owner=${cfg.database.user} \
--encoding=UTF8 \
--lc-collate=C \
--lc-ctype=C \
--template=template0 \
${cfg.database.name}
touch "${cfg.stateDir}/db-created"
fi
'' + ''
chown ${cfg.user} -R ${cfg.stateDir}
''; '';
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = cfg.user; User = cfg.user;
Group = "gitea";
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
PermissionsStartOnly = true;
ExecStart = "${gitea.bin}/bin/gitea web"; ExecStart = "${gitea.bin}/bin/gitea web";
Restart = "always"; Restart = "always";
}; };
@ -367,15 +375,17 @@ in
}; };
}; };
users = mkIf (cfg.user == "gitea") { users.users = mkIf (cfg.user == "gitea") {
users.gitea = { gitea = {
description = "Gitea Service"; description = "Gitea Service";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true;
useDefaultShell = true; useDefaultShell = true;
group = "gitea";
}; };
}; };
users.groups.gitea = {};
warnings = optional (cfg.database.password != "") warnings = optional (cfg.database.password != "")
''config.services.gitea.database.password will be stored as plaintext ''config.services.gitea.database.password will be stored as plaintext
in the Nix store. Use database.passwordFile instead.''; in the Nix store. Use database.passwordFile instead.'';
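Review bot: The `defaultText = "null";` line in the first hunk (it looks like a new-side line) no longer matches the default it documents, since `socket` now defaults to `/run/postgresql` or `/run/mysqld/mysqld.sock` whenever `createDatabase` is set, so the generated option docs will still tell users the default is null; suggest `defaultText = ''"/run/postgresql" or "/run/mysqld/mysqld.sock" when services.gitea.database.createDatabase is set, otherwise null'';`. The shortened `createDatabase` description should also spell out what the new assertion enforces: the user is provisioned by `ensureUsers` without a password and reached over the unix socket, so `database.user` must equal `services.gitea.user`, and `database.password`/`passwordFile` appear to be unused in that mode. Removing `PermissionsStartOnly` presumably means preStart now runs as `cfg.user` instead of root (the preStart body starts and ends outside these hunks), which is a good least-privilege change but relies on the `Z` tmpfiles rule having chowned the whole state directory first; a short comment above the tmpfiles rules noting that preStart depends on this ownership would make the ordering explicit.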


@ -13,18 +13,8 @@ with pkgs.lib;
machine = machine =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ services.mysql.enable = true; { services.gitea.enable = true;
services.mysql.package = pkgs.mariadb;
services.mysql.ensureDatabases = [ "gitea" ];
services.mysql.ensureUsers = [
{ name = "gitea";
ensurePermissions = { "gitea.*" = "ALL PRIVILEGES"; };
}
];
services.gitea.enable = true;
services.gitea.database.type = "mysql"; services.gitea.database.type = "mysql";
services.gitea.database.socket = "/run/mysqld/mysqld.sock";
}; };
testScript = '' testScript = ''
@ -42,10 +32,8 @@ with pkgs.lib;
machine = machine =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ { services.gitea.enable = true;
services.gitea.enable = true;
services.gitea.database.type = "postgres"; services.gitea.database.type = "postgres";
services.gitea.database.passwordFile = pkgs.writeText "db-password" "secret";
}; };
testScript = '' testScript = ''
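Review bot: With `passwordFile` and the explicit `socket` removed from both machines, neither test still exercises the non-declarative path (`createDatabase = false` with a password-authenticated database user), so the `database.password`/`passwordFile` handling and the new `createDatabase -> database.user == user` assertion are left uncovered; the rest of the test file lies outside these hunks, so this may be covered elsewhere. Keeping one machine with `services.gitea.database.createDatabase = false;` plus an explicitly provisioned database and `passwordFile` would retain coverage of that path.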