Merge pull request #157519 from talyz/gitlab-error-handling

nixos/gitlab: Implement better script error handling
Kim Lindberger 2022-02-03 22:19:03 +01:00 committed by GitHub
commit 415b9c3b5a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 10 deletions


@ -149,10 +149,16 @@ rec {
if [[ -h '${output}' ]]; then if [[ -h '${output}' ]]; then
rm '${output}' rm '${output}'
fi fi
inherit_errexit_restore=$(shopt -p inherit_errexit)
shopt -s inherit_errexit
'' ''
+ concatStringsSep + concatStringsSep
"\n" "\n"
(imap1 (index: name: "export secret${toString index}=$(<'${secrets.${name}}')") (imap1 (index: name: ''
secret${toString index}=$(<'${secrets.${name}}')
export secret${toString index}
'')
(attrNames secrets)) (attrNames secrets))
+ "\n" + "\n"
+ "${pkgs.jq}/bin/jq >'${output}' '" + "${pkgs.jq}/bin/jq >'${output}' '"
@ -164,6 +170,7 @@ rec {
' <<'EOF' ' <<'EOF'
${builtins.toJSON set} ${builtins.toJSON set}
EOF EOF
$inherit_errexit_restore
''; '';
systemdUtils = { systemdUtils = {
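Review bot: The added `shopt -s inherit_errexit` only propagates errexit into the `$(<'…')` secret reads; nothing in this snippet enables errexit itself, so whether an unreadable secret file aborts the script or silently exports an empty value depends entirely on the embedding script having already run `set -e`, and that contract is stated nowhere in the hunk. I would add a comment above the `inherit_errexit_restore=` line: `# Requires errexit in the calling script: inherit_errexit only propagates it into the $(<…) secret reads below, so an unreadable file aborts instead of exporting an empty value.` The split of `secret${toString index}=$(…)` from the separate `export` also deserves a one-line comment, since a combined `export x=$(…)` reports export's status and would mask the failed read. The enclosing definition starts and ends outside the hunk.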


@ -1131,8 +1131,8 @@ in {
ExecStartPre = let ExecStartPre = let
preStartFullPrivileges = '' preStartFullPrivileges = ''
shopt -s dotglob nullglob set -o errexit -o pipefail -o nounset
set -eu shopt -s dotglob nullglob inherit_errexit
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/* chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
if [[ -n "$(ls -A '${cfg.statePath}'/config/)" ]]; then if [[ -n "$(ls -A '${cfg.statePath}'/config/)" ]]; then
@ -1142,7 +1142,8 @@ in {
in "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}"; in "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}";
ExecStart = pkgs.writeShellScript "gitlab-config" '' ExecStart = pkgs.writeShellScript "gitlab-config" ''
set -eu set -o errexit -o pipefail -o nounset
shopt -s inherit_errexit
umask u=rwx,g=rx,o= umask u=rwx,g=rx,o=
@ -1171,7 +1172,8 @@ in {
rm -f '${cfg.statePath}/config/database.yml' rm -f '${cfg.statePath}/config/database.yml'
${if cfg.databasePasswordFile != null then '' ${if cfg.databasePasswordFile != null then ''
export db_password="$(<'${cfg.databasePasswordFile}')" db_password="$(<'${cfg.databasePasswordFile}')"
export db_password
if [[ -z "$db_password" ]]; then if [[ -z "$db_password" ]]; then
>&2 echo "Database password was an empty string!" >&2 echo "Database password was an empty string!"
@ -1195,10 +1197,11 @@ in {
rm -f '${cfg.statePath}/config/secrets.yml' rm -f '${cfg.statePath}/config/secrets.yml'
export secret="$(<'${cfg.secrets.secretFile}')" secret="$(<'${cfg.secrets.secretFile}')"
export db="$(<'${cfg.secrets.dbFile}')" db="$(<'${cfg.secrets.dbFile}')"
export otp="$(<'${cfg.secrets.otpFile}')" otp="$(<'${cfg.secrets.otpFile}')"
export jws="$(<'${cfg.secrets.jwsFile}')" jws="$(<'${cfg.secrets.jwsFile}')"
export secret db otp jws
jq -n '{production: {secret_key_base: $ENV.secret, jq -n '{production: {secret_key_base: $ENV.secret,
otp_key_base: $ENV.otp, otp_key_base: $ENV.otp,
db_key_base: $ENV.db, db_key_base: $ENV.db,
@ -1232,7 +1235,8 @@ in {
RemainAfterExit = true; RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "gitlab-db-config" '' ExecStart = pkgs.writeShellScript "gitlab-db-config" ''
set -eu set -o errexit -o pipefail -o nounset
shopt -s inherit_errexit
umask u=rwx,g=rx,o= umask u=rwx,g=rx,o=
initial_root_password="$(<'${cfg.initialRootPasswordFile}')" initial_root_password="$(<'${cfg.initialRootPasswordFile}')"