Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: e2fc9ea2aa53
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 002cce23f7e3
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on May 25, 2019

  1. nixos/hydron: replace deprecated usage of PermissionsStartOnly 

    see #53852
    @aanderse
    aanderse committed May 25, 2019

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    d27be52 View commit details

Commits on Jun 1, 2019

  1. Merge pull request #62050 from aanderse/hydron 

    nixos/hydron: replace deprecated usage of PermissionsStartOnly
    @matthewbauer
    matthewbauer authored Jun 1, 2019
    Copy the full SHA
    002cce2 View commit details
Showing with 22 additions and 24 deletions.
  1. +22 −24 nixos/modules/services/web-servers/hydron.nix
46 changes: 22 additions & 24 deletions nixos/modules/services/web-servers/hydron.nix
View file
Original file line number Diff line number Diff line change
@@ -2,7 +2,6 @@

let
cfg = config.services.hydron;
postgres = config.services.postgresql;
in with lib; {
options.services.hydron = {
enable = mkEnableOption "hydron";
@@ -81,40 +80,40 @@ in with lib; {
};

config = mkIf cfg.enable {
security.sudo.enable = cfg.enable;
services.postgresql.enable = cfg.enable;
services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
services.hydron.postgresArgs = mkDefault ''
{
"driver": "postgres",
"connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"
"connection": "user=hydron password=${cfg.password} host=/run/postgresql dbname=hydron sslmode=disable"
}
'';

services.postgresql = {
enable = true;
ensureDatabases = [ "hydron" ];
ensureUsers = [
{ name = "hydron";
ensurePermissions = { "DATABASE hydron" = "ALL PRIVILEGES"; };
}
];
};

systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0750 hydron hydron - -"
"d '${cfg.dataDir}/.hydron' - hydron hydron - -"
"d '${cfg.dataDir}/images' - hydron hydron - -"
"Z '${cfg.dataDir}' - hydron hydron - -"

"L+ '${cfg.dataDir}/.hydron/db_conf.json' - - - - ${cfg.postgresArgsFile}"
];

systemd.services.hydron = {
description = "hydron";
after = [ "network.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];

preStart = ''
# Ensure folder exists or create it and permissions are correct
mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}
ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json
chmod 750 ${escapeShellArg cfg.dataDir}
chown -R hydron:hydron ${escapeShellArg cfg.dataDir}
# Ensure the database is correct or create it
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
-SDR hydron || true
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
-T template0 -E UTF8 -O hydron hydron || true
${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \
-c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
'';

serviceConfig = {
PermissionsStartOnly = true;
User = "hydron";
Group = "hydron";
ExecStart = "${pkgs.hydron}/bin/hydron serve"
@@ -139,7 +138,7 @@ in with lib; {
description = "Automatically import paths into hydron and possibly fetch tags";
after = [ "network.target" "hydron.service" ];
wantedBy = [ "timers.target" ];

timerConfig = {
Persistent = true;
OnCalendar = cfg.interval;
@@ -148,11 +147,10 @@ in with lib; {

users = {
groups.hydron.gid = config.ids.gids.hydron;

users.hydron = {
description = "hydron server service user";
home = cfg.dataDir;
createHome = true;
group = "hydron";
uid = config.ids.uids.hydron;
};