From 615f8b8982b26bbb1a3e202be020d27a9f205c62 Mon Sep 17 00:00:00 2001
From: Aaron Andersen
Date: Wed, 22 May 2019 21:00:24 -0400
Subject: [PATCH] nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases
---
 nixos/modules/services/misc/gitea.nix | 53 ++++++++++++++++-----------
 nixos/tests/gitea.nix | 16 +-------
 2 files changed, 33 insertions(+), 36 deletions(-)
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
index 6fd4183bd6b..5f654230bf4 100644
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -159,7 +159,8 @@ in
 socket = mkOption {
 type = types.nullOr types.path;
- default = null;
+ default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
+ defaultText = "null";
 example = "/run/mysqld/mysqld.sock";
 description = "Path to the unix socket file to use for authentication.";
 };
@@ -173,10 +174,7 @@ in
 createDatabase = mkOption {
 type = types.bool;
 default = true;
- description = ''
- Whether to create a local postgresql database automatically.
- This only applies if database type "postgres" is selected.
- '';
+ description = "Whether to create a local database automatically.";
 };
 };
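Review bot: `defaultText = "null"` on `socket` no longer matches the effective default: with `createDatabase` left at its default of `true`, the new `default` resolves to `/run/postgresql` or `/run/mysqld/mysqld.sock`, so the rendered manual tells an operator that no socket is used while gitea will in fact connect over the local unix socket. I would state this in the option text, for example by extending the description to `"Path to the unix socket file to use for authentication. Defaults to the local server's socket when database.createDatabase is enabled."`. The attribute set that holds the `socket` option starts outside the hunk.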
@@ -277,7 +275,34 @@ in
 };
 config = mkIf cfg.enable {
- services.postgresql.enable = mkIf usePostgresql (mkDefault true);
+ assertions = [
+ { assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
+ message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
+ }
+ ];
+
+ services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
+ enable = mkDefault true;
+
+ ensureDatabases = [ cfg.database.name ];
+ ensureUsers = [
+ { name = cfg.database.user;
+ ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
+
+ services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
+ enable = mkDefault true;
+ package = mkDefault pkgs.mariadb;
+
+ ensureDatabases = [ cfg.database.name ];
+ ensureUsers = [
+ { name = cfg.database.user;
+ ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
 systemd.services.gitea = {
 description = "gitea";
@@ -331,22 +356,6 @@ in
 then
 sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys
 fi
- '' + optionalString (usePostgresql && cfg.database.createDatabase) ''
- if ! test -e "${cfg.stateDir}/db-created"; then
- echo "CREATE ROLE ${cfg.database.user}
- WITH ENCRYPTED PASSWORD '$(head -n1 ${cfg.database.passwordFile})'
- NOCREATEDB NOCREATEROLE LOGIN" |
- ${pkgs.sudo}/bin/sudo -u ${pg.superUser} ${pg.package}/bin/psql
- ${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
- ${pg.package}/bin/createdb \
- --owner=${cfg.database.user} \
- --encoding=UTF8 \
- --lc-collate=C \
- --lc-ctype=C \
- --template=template0 \
- ${cfg.database.name}
- touch "${cfg.stateDir}/db-created"
- fi
 '' + ''
 chown ${cfg.user} -R ${cfg.stateDir}
 '';
diff --git a/nixos/tests/gitea.nix b/nixos/tests/gitea.nix
index cccf8c7cd44..b8ab6dabc8c 100644
--- a/nixos/tests/gitea.nix
+++ b/nixos/tests/gitea.nix
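Review bot: The new assertion `cfg.database.createDatabase -> cfg.database.user == cfg.user` is not limited to the two backends that are actually provisioned. `createDatabase` defaults to `true`, so a configuration that uses any other database type (if the module offers one; the type option is outside this hunk) and changes only `services.gitea.user` would fail evaluation even though `database.user` is never used. Gating it on the backends, `assertion = (cfg.database.createDatabase && (usePostgresql || useMysql)) -> cfg.database.user == cfg.user;`, keeps the check where it matters: the provisioned role is created without a password and presumably relies on socket peer authentication, which is why the two names must match. A one-line comment above the assertion stating that reason would help the next maintainer. The `config` block continues outside the hunk.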
@@ -13,18 +13,8 @@ with pkgs.lib;
 machine =
 { config, pkgs, ... }:
- { services.mysql.enable = true;
- services.mysql.package = pkgs.mariadb;
- services.mysql.ensureDatabases = [ "gitea" ];
- services.mysql.ensureUsers = [
- { name = "gitea";
- ensurePermissions = { "gitea.*" = "ALL PRIVILEGES"; };
- }
- ];
-
- services.gitea.enable = true;
+ { services.gitea.enable = true;
 services.gitea.database.type = "mysql";
- services.gitea.database.socket = "/run/mysqld/mysqld.sock";
 };
 testScript = ''
@@ -42,10 +32,8 @@ with pkgs.lib;
 machine =
 { config, pkgs, ... }:
- {
- services.gitea.enable = true;
+ { services.gitea.enable = true;
 services.gitea.database.type = "postgres";
- services.gitea.database.passwordFile = pkgs.writeText "db-password" "secret";
 };
 testScript = ''
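Review bot: Both test machines now exercise only the auto-provisioned socket path, so a configuration with `createDatabase = false` and an externally managed database that uses `database.passwordFile` is left without coverage; this applies to the mysql hunk here and to the postgres hunk at `@@ -42,10 +32,8 @@`, which drops the only `passwordFile` setting. Since that is the path where a credential is read from disk, I would keep one node with `services.gitea.database.createDatabase = false;` plus a `passwordFile`, with the database provisioned explicitly in the test. Whether another test already covers it cannot be seen from this patch.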