nixos/gitea: update service configuration #94291
Conversation
| WorkingDirectory = cfg.stateDir; | ||
| ExecStart = "${gitea}/bin/gitea web"; | ||
| ExecStart = "${gitea}/bin/gitea web --pid /run/gitea/gitea.pid"; |
There was a problem hiding this comment.
@kolaente out of curiosity what impact will this have? I'm assuming it would have been better to have this all along?
There was a problem hiding this comment.
By default, Gitea puts its pid in /var/run/gitea.pid, not sure about other effects though
There was a problem hiding this comment.
While there shouldn't really be much of a reason to write PID files at all, gitea should really not use /var/run, but /run:https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s13.html
I opened go-gitea/gitea#12391, and propose we don't set this here at all.
There was a problem hiding this comment.
By default, systemd creates a folder in / run. Need to move pifd file to /run/gitea/gitea.pid ?
There was a problem hiding this comment.
Should we really block on upstream here? Writing a pid file to /run/gitea does not look like it would break anything. Also why was this pid file added now, did it not work before?
| @@ -357,12 +384,22 @@ in | |||
| }; | |||
|
|
|||
| systemd.tmpfiles.rules = [ | |||
There was a problem hiding this comment.
@kolaente just curious why gitea does not provision any of its required sub directories itself. Do you have any insight on that?
There was a problem hiding this comment.
You mean the conf, custom and log directories? IIRC it does that if you install it through the web wizard but probably not when installing it the way it is installed in nix.
(I'll ask the other maintainers if they know more about this)
|
LGTM (without having tested it yet). |
Izorkin
force-pushed
the
gitea
branch
2 times, most recently
from
c666cd5
to
278e576
Compare
|
Update sandboxing options. |
There was a problem hiding this comment.
How many options are listed here: https://docs.gitea.io/en-us/config-cheat-sheet/? 100? More? Should we add them all eventually?
If a nixos option isn't mandatory and doesn't do anything other than add a line to a configuration file there isn't much value in it. See NixOS/rfcs#42 for details discussing the cons to including every configuration option possible.
|
Removed |
Izorkin
force-pushed
the
gitea
branch
2 times, most recently
from
baae9ca
to
98a9ae1
Compare
|
@GrahamcOfBorg test gitea |
|
This change triggered the installation wizard for me when upgrading from 20.03 to 20.09. That's not very nice. What needs to be done to avoid that? |
|
Need manually restart |
|
Indeed, that solved it. Thanks! |
Motivation for this change
Update tmpfiles rules, enable data access only for 'gitea' group.
Created option 'backupDir' to place gitea file dumps in custom path.
Add pid file, need to rotate the logы files using logrotate.
Added socket options to work with nginx over a socket.
cc @aanderse @srhb @c0deaddict @dasJ @Ma27 @Mic92 @flokli
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)