Merge pull request #157519 from talyz/gitlab-error-handling
nixos/gitlab: Implement better script error handling
commit
415b9c3b5a
|
@ -149,10 +149,16 @@ rec {
|
||||||
if [[ -h '${output}' ]]; then
|
if [[ -h '${output}' ]]; then
|
||||||
rm '${output}'
|
rm '${output}'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
inherit_errexit_restore=$(shopt -p inherit_errexit)
|
||||||
|
shopt -s inherit_errexit
|
||||||
''
|
''
|
||||||
+ concatStringsSep
|
+ concatStringsSep
|
||||||
"\n"
|
"\n"
|
||||||
(imap1 (index: name: "export secret${toString index}=$(<'${secrets.${name}}')")
|
(imap1 (index: name: ''
|
||||||
|
secret${toString index}=$(<'${secrets.${name}}')
|
||||||
|
export secret${toString index}
|
||||||
|
'')
|
||||||
(attrNames secrets))
|
(attrNames secrets))
|
||||||
+ "\n"
|
+ "\n"
|
||||||
+ "${pkgs.jq}/bin/jq >'${output}' '"
|
+ "${pkgs.jq}/bin/jq >'${output}' '"
|
||||||
|
@ -164,6 +170,7 @@ rec {
|
||||||
' <<'EOF'
|
' <<'EOF'
|
||||||
${builtins.toJSON set}
|
${builtins.toJSON set}
|
||||||
EOF
|
EOF
|
||||||
|
$inherit_errexit_restore
|
||||||
'';
|
'';
|
||||||
|
|
||||||
systemdUtils = {
|
systemdUtils = {
|
||||||
|
|
|
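Review bot: The added `inherit_errexit_restore=$(shopt -p inherit_errexit)` can abort any embedding script that runs with `set -e` but has not enabled inherit_errexit. `shopt -p` returns non-zero when the named option is unset, and a bare assignment takes the exit status of its command substitution. Appending `|| true` keeps the saved restore command and avoids the early exit: `inherit_errexit_restore=$(shopt -p inherit_errexit) || true`. A one-line comment above the save/restore pair, such as `# Make a failed secret read abort the script; restore the caller's setting afterwards`, would also help. The enclosing function starts outside the hunk, so how callers set their shell options cannot be seen here.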
@ -1131,8 +1131,8 @@ in {
|
||||||
|
|
||||||
ExecStartPre = let
|
ExecStartPre = let
|
||||||
preStartFullPrivileges = ''
|
preStartFullPrivileges = ''
|
||||||
shopt -s dotglob nullglob
|
set -o errexit -o pipefail -o nounset
|
||||||
set -eu
|
shopt -s dotglob nullglob inherit_errexit
|
||||||
|
|
||||||
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
|
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
|
||||||
if [[ -n "$(ls -A '${cfg.statePath}'/config/)" ]]; then
|
if [[ -n "$(ls -A '${cfg.statePath}'/config/)" ]]; then
|
||||||
|
@ -1142,7 +1142,8 @@ in {
|
||||||
in "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}";
|
in "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}";
|
||||||
|
|
||||||
ExecStart = pkgs.writeShellScript "gitlab-config" ''
|
ExecStart = pkgs.writeShellScript "gitlab-config" ''
|
||||||
set -eu
|
set -o errexit -o pipefail -o nounset
|
||||||
|
shopt -s inherit_errexit
|
||||||
|
|
||||||
umask u=rwx,g=rx,o=
|
umask u=rwx,g=rx,o=
|
||||||
|
|
||||||
|
@ -1171,7 +1172,8 @@ in {
|
||||||
rm -f '${cfg.statePath}/config/database.yml'
|
rm -f '${cfg.statePath}/config/database.yml'
|
||||||
|
|
||||||
${if cfg.databasePasswordFile != null then ''
|
${if cfg.databasePasswordFile != null then ''
|
||||||
export db_password="$(<'${cfg.databasePasswordFile}')"
|
db_password="$(<'${cfg.databasePasswordFile}')"
|
||||||
|
export db_password
|
||||||
|
|
||||||
if [[ -z "$db_password" ]]; then
|
if [[ -z "$db_password" ]]; then
|
||||||
>&2 echo "Database password was an empty string!"
|
>&2 echo "Database password was an empty string!"
|
||||||
|
@ -1195,10 +1197,11 @@ in {
|
||||||
|
|
||||||
rm -f '${cfg.statePath}/config/secrets.yml'
|
rm -f '${cfg.statePath}/config/secrets.yml'
|
||||||
|
|
||||||
export secret="$(<'${cfg.secrets.secretFile}')"
|
secret="$(<'${cfg.secrets.secretFile}')"
|
||||||
export db="$(<'${cfg.secrets.dbFile}')"
|
db="$(<'${cfg.secrets.dbFile}')"
|
||||||
export otp="$(<'${cfg.secrets.otpFile}')"
|
otp="$(<'${cfg.secrets.otpFile}')"
|
||||||
export jws="$(<'${cfg.secrets.jwsFile}')"
|
jws="$(<'${cfg.secrets.jwsFile}')"
|
||||||
|
export secret db otp jws
|
||||||
jq -n '{production: {secret_key_base: $ENV.secret,
|
jq -n '{production: {secret_key_base: $ENV.secret,
|
||||||
otp_key_base: $ENV.otp,
|
otp_key_base: $ENV.otp,
|
||||||
db_key_base: $ENV.db,
|
db_key_base: $ENV.db,
|
||||||
|
@ -1232,7 +1235,8 @@ in {
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
|
|
||||||
ExecStart = pkgs.writeShellScript "gitlab-db-config" ''
|
ExecStart = pkgs.writeShellScript "gitlab-db-config" ''
|
||||||
set -eu
|
set -o errexit -o pipefail -o nounset
|
||||||
|
shopt -s inherit_errexit
|
||||||
umask u=rwx,g=rx,o=
|
umask u=rwx,g=rx,o=
|
||||||
|
|
||||||
initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
|
initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
|
||||||
|
|
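Review bot: In the secrets.yml hunk, `secret`, `db`, `otp` and `jws` are still exported without any check that they are non-empty, whereas `db_password` a few lines earlier is rejected when it is an empty string. Splitting assignment from `export` now catches an unreadable file, but an existing empty file would still pass and, as far as the visible lines show, produce empty `secret_key_base`, `otp_key_base` and `db_key_base` values. Consider adding, before the `jq -n` call, `[[ -n "$secret" && -n "$db" && -n "$otp" && -n "$jws" ]] || { >&2 echo "A GitLab secret file was empty!"; exit 1; }`. The script body continues outside the hunk, so an equivalent guard may already exist elsewhere.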