nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases

Aaron Andersen 2019-05-22 21:00:24 -04:00
parent 2256b56748
commit 615f8b8982
2 changed files with 33 additions and 36 deletions


@ -159,7 +159,8 @@ in
socket = mkOption { socket = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
defaultText = "null";
example = "/run/mysqld/mysqld.sock"; example = "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication."; description = "Path to the unix socket file to use for authentication.";
}; };
@ -173,10 +174,7 @@ in
createDatabase = mkOption { createDatabase = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = "Whether to create a local database automatically.";
Whether to create a local postgresql database automatically.
This only applies if database type "postgres" is selected.
'';
}; };
}; };
@ -277,7 +275,34 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.postgresql.enable = mkIf usePostgresql (mkDefault true); assertions = [
{ assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
}
];
services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
enable = mkDefault true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
};
services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
};
systemd.services.gitea = { systemd.services.gitea = {
description = "gitea"; description = "gitea";
@ -331,22 +356,6 @@ in
then then
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys
fi fi
'' + optionalString (usePostgresql && cfg.database.createDatabase) ''
if ! test -e "${cfg.stateDir}/db-created"; then
echo "CREATE ROLE ${cfg.database.user}
WITH ENCRYPTED PASSWORD '$(head -n1 ${cfg.database.passwordFile})'
NOCREATEDB NOCREATEROLE LOGIN" |
${pkgs.sudo}/bin/sudo -u ${pg.superUser} ${pg.package}/bin/psql
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createdb \
--owner=${cfg.database.user} \
--encoding=UTF8 \
--lc-collate=C \
--lc-ctype=C \
--template=template0 \
${cfg.database.name}
touch "${cfg.stateDir}/db-created"
fi
'' + '' '' + ''
chown ${cfg.user} -R ${cfg.stateDir} chown ${cfg.user} -R ${cfg.stateDir}
''; '';
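Review bot: The assertion added at the top of `config` fires whenever `createDatabase` is true, while the two provisioning attrsets below it are additionally gated on `usePostgresql` / `useMysql`; a deployment on another database type (the module evidently has at least one, since both flags exist) with a non-default `database.user` and `createDatabase` left at its default `true` would therefore be rejected even though nothing is provisioned. Aligning the guard fixes that: `{ assertion = (usePostgresql || useMysql) && cfg.database.createDatabase -> cfg.database.user == cfg.user;`. In the same section, the `socket` option's `defaultText = "null";` no longer describes the new conditional default, so the rendered manual will show `null` where the effective default is the server's socket path; something like `defaultText = "/run/postgresql or /run/mysqld/mysqld.sock when createDatabase is set, otherwise null";` keeps the docs honest. Finally, the removed preStart set a password from `passwordFile` and forced UTF8 / C collation from template0, whereas `ensureUsers`/`ensureDatabases` create a password-less role and a database with the cluster defaults, so the provisioned setup only authenticates over the local socket; the `createDatabase` description should say that `passwordFile` is not applied to the provisioned role and that the option is intended for socket authentication only.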


@ -13,18 +13,8 @@ with pkgs.lib;
machine = machine =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ services.mysql.enable = true; { services.gitea.enable = true;
services.mysql.package = pkgs.mariadb;
services.mysql.ensureDatabases = [ "gitea" ];
services.mysql.ensureUsers = [
{ name = "gitea";
ensurePermissions = { "gitea.*" = "ALL PRIVILEGES"; };
}
];
services.gitea.enable = true;
services.gitea.database.type = "mysql"; services.gitea.database.type = "mysql";
services.gitea.database.socket = "/run/mysqld/mysqld.sock";
}; };
testScript = '' testScript = ''
@ -42,10 +32,8 @@ with pkgs.lib;
machine = machine =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ { services.gitea.enable = true;
services.gitea.enable = true;
services.gitea.database.type = "postgres"; services.gitea.database.type = "postgres";
services.gitea.database.passwordFile = pkgs.writeText "db-password" "secret";
}; };
testScript = '' testScript = ''