Merge pull request #111030 from cript0nauta/miniflux-sudo
nixos/miniflux: don't depend on sudo
commit
5a24206e17
|
@ -14,17 +14,16 @@ let
|
||||||
ADMIN_PASSWORD=password
|
ADMIN_PASSWORD=password
|
||||||
'';
|
'';
|
||||||
|
|
||||||
pgsu = "${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser}";
|
|
||||||
pgbin = "${config.services.postgresql.package}/bin";
|
pgbin = "${config.services.postgresql.package}/bin";
|
||||||
preStart = pkgs.writeScript "miniflux-pre-start" ''
|
preStart = pkgs.writeScript "miniflux-pre-start" ''
|
||||||
#!${pkgs.runtimeShell}
|
#!${pkgs.runtimeShell}
|
||||||
db_exists() {
|
db_exists() {
|
||||||
[ "$(${pgsu} ${pgbin}/psql -Atc "select 1 from pg_database where datname='$1'")" == "1" ]
|
[ "$(${pgbin}/psql -Atc "select 1 from pg_database where datname='$1'")" == "1" ]
|
||||||
}
|
}
|
||||||
if ! db_exists "${dbName}"; then
|
if ! db_exists "${dbName}"; then
|
||||||
${pgsu} ${pgbin}/psql postgres -c "CREATE ROLE ${dbUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${dbPassword}'"
|
${pgbin}/psql postgres -c "CREATE ROLE ${dbUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${dbPassword}'"
|
||||||
${pgsu} ${pgbin}/createdb --owner "${dbUser}" "${dbName}"
|
${pgbin}/createdb --owner "${dbUser}" "${dbName}"
|
||||||
${pgsu} ${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore"
|
${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
|
@ -73,15 +72,26 @@ in
|
||||||
|
|
||||||
services.postgresql.enable = true;
|
services.postgresql.enable = true;
|
||||||
|
|
||||||
|
systemd.services.miniflux-dbsetup = {
|
||||||
|
description = "Miniflux database setup";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
after = [ "network.target" "postgresql.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
User = config.services.postgresql.superUser;
|
||||||
|
ExecStart = preStart;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.miniflux = {
|
systemd.services.miniflux = {
|
||||||
description = "Miniflux service";
|
description = "Miniflux service";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "postgresql.service" ];
|
requires = [ "postgresql.service" ];
|
||||||
after = [ "network.target" "postgresql.service" ];
|
after = [ "network.target" "postgresql.service" "miniflux-dbsetup.service" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.miniflux}/bin/miniflux";
|
ExecStart = "${pkgs.miniflux}/bin/miniflux";
|
||||||
ExecStartPre = "+${preStart}";
|
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
RuntimeDirectory = "miniflux";
|
RuntimeDirectory = "miniflux";
|
||||||
RuntimeDirectoryMode = "0700";
|
RuntimeDirectoryMode = "0700";
|
||||||
|
|
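Review bot: A failed `miniflux-dbsetup` no longer stops `miniflux` from starting, because the new unit is only listed in `after`, which orders the two units but creates no dependency, whereas the removed `ExecStartPre` would have aborted the start. Extending the existing line to `requires = [ "postgresql.service" "miniflux-dbsetup.service" ];` restores that coupling. The setup script in the first hunk shows no `set -e`, so its exit status appears to be that of the last `psql` call only; adding `set -e` after the shebang would make a failed `CREATE ROLE` or `createdb` fail the unit. The role password is also still interpolated into the store-resident script and into the `psql -c` argument, both readable by other local users; `dbPassword` is defined outside the visible hunks, so if it is a fixed placeholder a comment saying so would help.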
|
@ -20,6 +20,13 @@ with lib;
|
||||||
services.miniflux.enable = true;
|
services.miniflux.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
withoutSudo =
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
services.miniflux.enable = true;
|
||||||
|
security.sudo.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
customized =
|
customized =
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
|
@ -46,6 +53,13 @@ with lib;
|
||||||
"curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
|
"curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
withoutSudo.wait_for_unit("miniflux.service")
|
||||||
|
withoutSudo.wait_for_open_port(${toString defaultPort})
|
||||||
|
withoutSudo.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep -q OK")
|
||||||
|
withoutSudo.succeed(
|
||||||
|
"curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
|
||||||
|
)
|
||||||
|
|
||||||
customized.wait_for_unit("miniflux.service")
|
customized.wait_for_unit("miniflux.service")
|
||||||
customized.wait_for_open_port(${toString port})
|
customized.wait_for_open_port(${toString port})
|
||||||
customized.succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep -q OK")
|
customized.succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep -q OK")
|
||||||
|
|
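Review bot: The `withoutSudo` node and its four assertions copy the default-node checks with no statement of what they guard, so a later cleanup could drop them as duplicates. A comment above the node definition such as `# Regression test: database setup must work with security.sudo.enable = false` would record the intent. The assertions only show that `miniflux.service` comes up and the admin login works, so they cover the setup unit indirectly; a comment next to the `withoutSudo.wait_for_unit` call could say so.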