base repository: NixOS/nixpkgs
base: 57301d9b2fc8
...
head repository: NixOS/nixpkgs
compare: 401360e15b6b
  • 4 commits
  • 2 files changed
  • 2 contributors

Commits on Jun 11, 2019

  1. nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers t…

    …o provision databases
    aanderse committed Jun 11, 2019
    615f8b8
  2. 9d251d8
  3. 1
    7145cf2

Commits on Jun 12, 2019

  1. Merge pull request #61923 from aanderse/gitea

    nixos/gitea: make use of declarative features where applicable
    Ma27 authored Jun 12, 2019
    401360e
Showing with 52 additions and 54 deletions.
  1. +50 −40 nixos/modules/services/misc/gitea.nix
  2. +2 −14 nixos/tests/gitea.nix
90 changes: 50 additions & 40 deletions nixos/modules/services/misc/gitea.nix
@@ -159,7 +159,8 @@ in

socket = mkOption {
type = types.nullOr types.path;
default = null;
default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
defaultText = "null";
example = "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication.";
};
@@ -173,10 +174,7 @@ in
createDatabase = mkOption {
type = types.bool;
default = true;
description = ''
Whether to create a local postgresql database automatically.
This only applies if database type "postgres" is selected.
'';
description = "Whether to create a local database automatically.";
};
};

@@ -277,7 +275,46 @@ in
};

config = mkIf cfg.enable {
services.postgresql.enable = mkIf usePostgresql (mkDefault true);
assertions = [
{ assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
}
];

services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
enable = mkDefault true;

ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
};

services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;

ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
};

systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' - ${cfg.user} gitea - -"
"d '${cfg.stateDir}/conf' - ${cfg.user} gitea - -"
"d '${cfg.stateDir}/custom/conf' - ${cfg.user} gitea - -"
"d '${cfg.repositoryRoot}' - ${cfg.user} gitea - -"
"Z '${cfg.stateDir}' - ${cfg.user} gitea - -"

# If we have a folder or symlink with gitea locales, remove it
# And symlink the current gitea locales in place
"L+ '${cfg.stateDir}/conf/locale' - - - - ${gitea.out}/locale"
];

systemd.services.gitea = {
description = "gitea";
@@ -289,12 +326,8 @@ in
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
in ''
# Make sure that the stateDir exists, as well as the conf dir in there
mkdir -p ${cfg.stateDir}/conf
# copy custom configuration and generate a random secret key if needed
${optionalString (cfg.useWizard == false) ''
mkdir -p ${cfg.stateDir}/custom/conf
cp -f ${configFile} ${runConfig}
if [ ! -e ${secretKey} ]; then
@@ -309,7 +342,6 @@ in
chmod 640 ${runConfig} ${secretKey}
''}
mkdir -p ${cfg.repositoryRoot}
# update all hooks' binary paths
HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 6 -type f -wholename "*git/hooks/*")
if [ "$HOOKS" ]
@@ -319,43 +351,19 @@ in
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/bash,${pkgs.bash}/bin/bash,g' $HOOKS
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/perl,${pkgs.perl}/bin/perl,g' $HOOKS
fi
# If we have a folder or symlink with gitea locales, remove it
if [ -e ${cfg.stateDir}/conf/locale ]
then
rm -r ${cfg.stateDir}/conf/locale
fi
# And symlink the current gitea locales in place
ln -s ${gitea.out}/locale ${cfg.stateDir}/conf/locale
# update command option in authorized_keys
if [ -r ${cfg.stateDir}/.ssh/authorized_keys ]
then
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys
fi
'' + optionalString (usePostgresql && cfg.database.createDatabase) ''
if ! test -e "${cfg.stateDir}/db-created"; then
echo "CREATE ROLE ${cfg.database.user}
WITH ENCRYPTED PASSWORD '$(head -n1 ${cfg.database.passwordFile})'
NOCREATEDB NOCREATEROLE LOGIN" |
${pkgs.sudo}/bin/sudo -u ${pg.superUser} ${pg.package}/bin/psql
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createdb \
--owner=${cfg.database.user} \
--encoding=UTF8 \
--lc-collate=C \
--lc-ctype=C \
--template=template0 \
${cfg.database.name}
touch "${cfg.stateDir}/db-created"
fi
'' + ''
chown ${cfg.user} -R ${cfg.stateDir}
'';

serviceConfig = {
Type = "simple";
User = cfg.user;
Group = "gitea";
WorkingDirectory = cfg.stateDir;
PermissionsStartOnly = true;
ExecStart = "${gitea.bin}/bin/gitea web";
Restart = "always";
};
@@ -367,15 +375,17 @@ in
};
};

users = mkIf (cfg.user == "gitea") {
users.gitea = {
users.users = mkIf (cfg.user == "gitea") {
gitea = {
description = "Gitea Service";
home = cfg.stateDir;
createHome = true;
useDefaultShell = true;
group = "gitea";
};
};

users.groups.gitea = {};

warnings = optional (cfg.database.password != "")
''config.services.gitea.database.password will be stored as plaintext
in the Nix store. Use database.passwordFile instead.'';
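Review bot: The new `systemd.tmpfiles.rules` entries leave the mode field as `-`, so `${cfg.stateDir}/custom/conf`, where the start-up script writes `app.ini` and `secret_key`, gets the tmpfiles default mode rather than one chosen for a directory that holds secrets. The files themselves are still `chmod 640`, but I would set the directory mode explicitly, e.g. `"d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -"`, and consider the same for `stateDir` and `repositoryRoot`. The `Z` rule also re-owns everything under `stateDir` recursively as root whenever tmpfiles runs, which looks as broad as the `chown ${cfg.user} -R` it appears to replace; a short comment on why the recursive form is still needed would help the next reader. Every rule hard-codes the group `gitea` while the owner comes from `cfg.user`, which matches `users.groups.gitea` further down but deserves a one-line comment next to the rules.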
16 changes: 2 additions & 14 deletions nixos/tests/gitea.nix
@@ -13,18 +13,8 @@ with pkgs.lib;

machine =
{ config, pkgs, ... }:
{ services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
services.mysql.ensureDatabases = [ "gitea" ];
services.mysql.ensureUsers = [
{ name = "gitea";
ensurePermissions = { "gitea.*" = "ALL PRIVILEGES"; };
}
];

services.gitea.enable = true;
{ services.gitea.enable = true;
services.gitea.database.type = "mysql";
services.gitea.database.socket = "/run/mysqld/mysqld.sock";
};

testScript = ''
@@ -42,10 +32,8 @@ with pkgs.lib;

machine =
{ config, pkgs, ... }:
{
services.gitea.enable = true;
{ services.gitea.enable = true;
services.gitea.database.type = "postgres";
services.gitea.database.passwordFile = pkgs.writeText "db-password" "secret";
};

testScript = ''