New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/gitea: update service configuration #94291
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good 👍 Just a few minor thoughts. Anyone agree or disagree with my comments?
WorkingDirectory = cfg.stateDir; | ||
ExecStart = "${gitea}/bin/gitea web"; | ||
ExecStart = "${gitea}/bin/gitea web --pid /run/gitea/gitea.pid"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kolaente out of curiosity what impact will this have? I'm assuming it would have been better to have this all along?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By default, Gitea puts its pid in /var/run/gitea.pid
, not sure about other effects though
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While there shouldn't really be much of a reason to write PID files at all, gitea should really not use /var/run
, but /run
:https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s13.html
I opened go-gitea/gitea#12391, and propose we don't set this here at all.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By default, systemd creates a folder in / run. Need to move pifd file to /run/gitea/gitea.pid ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we really block on upstream here? Writing a pid file to /run/gitea
does not look like it would break anything. Also why was this pid file added now, did it not work before?
@@ -357,12 +384,22 @@ in | |||
}; | |||
|
|||
systemd.tmpfiles.rules = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kolaente just curious why gitea
does not provision any of its required sub directories itself. Do you have any insight on that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean the conf
, custom
and log
directories? IIRC it does that if you install it through the web wizard but probably not when installing it the way it is installed in nix.
(I'll ask the other maintainers if they know more about this)
LGTM (without having tested it yet). |
c666cd5
to
278e576
Compare
Update sandboxing options. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How many options are listed here: https://docs.gitea.io/en-us/config-cheat-sheet/? 100? More? Should we add them all eventually?
If a nixos option isn't mandatory and doesn't do anything other than add a line to a configuration file there isn't much value in it. See NixOS/rfcs#42 for details discussing the cons to including every configuration option possible.
Removed |
baae9ca
to
98a9ae1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any remaining comments? Shall we merge?
Thanks for your work @Izorkin!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested on my server, login and cloning works.
@GrahamcOfBorg test gitea |
This change triggered the installation wizard for me when upgrading from 20.03 to 20.09. That's not very nice. What needs to be done to avoid that? |
Need manually restart |
Indeed, that solved it. Thanks! |
Motivation for this change
Update tmpfiles rules, enable data access only for 'gitea' group.
Created option 'backupDir' to place gitea file dumps in custom path.
Add pid file, need to rotate the logы files using logrotate.
Added socket options to work with nginx over a socket.
cc @aanderse @srhb @c0deaddict @dasJ @Ma27 @Mic92 @flokli
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)