author | Aaron Andersen <aaron@fosslib.net> | 2019-05-22 21:00:24 -0400 |
---|---|---|
committer | Aaron Andersen <aaron@fosslib.net> | 2019-06-10 20:32:28 -0400 |
commit | 615f8b8982b26bbb1a3e202be020d27a9f205c62 (patch) | |
tree | b5cb63bb0301e45eb510c4a0dc451a9330ab40ad | |
parent | 2256b5674838a7c6276fb660df7862998a4b92fe (diff) |
nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases
-rw-r--r-- | nixos/modules/services/misc/gitea.nix | 53 | ||||
-rw-r--r-- | nixos/tests/gitea.nix | 16 |
2 files changed, 33 insertions, 36 deletions
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
index 6fd4183bd6b4f..5f654230bf4c5 100644
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -159,7 +159,8 @@ in
 socket = mkOption {
 type = types.nullOr types.path;
- default = null;
+ default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
+ defaultText = "null";
 example = "/run/mysqld/mysqld.sock";
 description = "Path to the unix socket file to use for authentication.";
 };
@@ -173,10 +174,7 @@ in
 createDatabase = mkOption {
 type = types.bool;
 default = true;
- description = ''
- Whether to create a local postgresql database automatically.
- This only applies if database type "postgres" is selected.
- '';
+ description = "Whether to create a local database automatically.";
 };
 };
@@ -277,7 +275,34 @@ in
 };
 config = mkIf cfg.enable {
- services.postgresql.enable = mkIf usePostgresql (mkDefault true);
+ assertions = [
+ { assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
+ message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
+ }
+ ];
+
+ services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
+ enable = mkDefault true;
+
+ ensureDatabases = [ cfg.database.name ];
+ ensureUsers = [
+ { name = cfg.database.user;
+ ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
+
+ services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
+ enable = mkDefault true;
+ package = mkDefault pkgs.mariadb;
+
+ ensureDatabases = [ cfg.database.name ];
+ ensureUsers = [
+ { name = cfg.database.user;
+ ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
 systemd.services.gitea = {
 description = "gitea";
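Review bot: `defaultText = "null"` on the `socket` option no longer matches the computed default in the first hunk: with `createDatabase` enabled the option resolves to `/run/postgresql` or `/run/mysqld/mysqld.sock`, so the generated option documentation hides that gitea will authenticate over a local socket. I would spell that out, e.g. `defaultText = "null, or the local database socket when database.createDatabase is enabled";`. The two paths are also hard-coded; if the PostgreSQL or MySQL services can place their socket elsewhere (not visible in this hunk), a short comment recording that assumption would help the next reader.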
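Review bot: The new assertion in the `config` hunk fires for every database type, because its left-hand side is only `cfg.database.createDatabase` (default `true`, per the previous hunk) while the provisioning below it is limited to `usePostgresql` and `useMysql`. If the module supports another backend (the type option is outside this hunk), changing `services.gitea.user` there would be rejected with a message about automatic provisioning; consider `assertion = (cfg.database.createDatabase && (usePostgresql || useMysql)) -> cfg.database.user == cfg.user;`. A one-line comment above it such as `# socket auth maps the gitea system user to the database role of the same name` would record why the names must match; presumably that is the reason, since the ensured user is created without a password. The `config` block opens in this hunk and continues past it.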
@@ -331,22 +356,6 @@ in
 then
 sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys
 fi
- '' + optionalString (usePostgresql && cfg.database.createDatabase) ''
- if ! test -e "${cfg.stateDir}/db-created"; then
- echo "CREATE ROLE ${cfg.database.user}
- WITH ENCRYPTED PASSWORD '$(head -n1 ${cfg.database.passwordFile})'
- NOCREATEDB NOCREATEROLE LOGIN" |
- ${pkgs.sudo}/bin/sudo -u ${pg.superUser} ${pg.package}/bin/psql
- ${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
- ${pg.package}/bin/createdb \
- --owner=${cfg.database.user} \
- --encoding=UTF8 \
- --lc-collate=C \
- --lc-ctype=C \
- --template=template0 \
- ${cfg.database.name}
- touch "${cfg.stateDir}/db-created"
- fi
 '' + ''
 chown ${cfg.user} -R ${cfg.stateDir}
 '';
diff --git a/nixos/tests/gitea.nix b/nixos/tests/gitea.nix
index cccf8c7cd44fe..b8ab6dabc8c1f 100644
--- a/nixos/tests/gitea.nix
+++ b/nixos/tests/gitea.nix
@@ -13,18 +13,8 @@ with pkgs.lib;
 machine =
 { config, pkgs, ... }:
- { services.mysql.enable = true;
- services.mysql.package = pkgs.mariadb;
- services.mysql.ensureDatabases = [ "gitea" ];
- services.mysql.ensureUsers = [
- { name = "gitea";
- ensurePermissions = { "gitea.*" = "ALL PRIVILEGES"; };
- }
- ];
-
- services.gitea.enable = true;
+ { services.gitea.enable = true;
 services.gitea.database.type = "mysql";
- services.gitea.database.socket = "/run/mysqld/mysqld.sock";
 };
 testScript = ''
@@ -42,10 +32,8 @@ with pkgs.lib;
 machine =
 { config, pkgs, ... }:
- {
- services.gitea.enable = true;
+ { services.gitea.enable = true;
 services.gitea.database.type = "postgres";
- services.gitea.database.passwordFile = pkgs.writeText "db-password" "secret";
 };
 testScript = '' |
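Review bot: With `services.gitea.database.passwordFile` dropped from the postgres machine in the last hunk, and the explicit `services.mysql.*` setup dropped from the mysql machine in the hunk before it, both tests now exercise only the auto-provisioned socket path. Nothing visible here still covers `createDatabase = false` with a password read from `passwordFile`, which is the configuration a deployment with an externally managed database would depend on. I would add a third machine that sets `services.gitea.database.createDatabase = false;` and provisions the role itself, so a regression in the password handling is caught. Both `machine` definitions and the `testScript` strings continue outside these hunks.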