Merge pull request #157519 from talyz/gitlab-error-handling
nixos/gitlab: Implement better script error handling
This commit is contained in:
commit
415b9c3b5a
|
@ -149,10 +149,16 @@ rec {
|
|||
if [[ -h '${output}' ]]; then
|
||||
rm '${output}'
|
||||
fi
|
||||
|
||||
inherit_errexit_restore=$(shopt -p inherit_errexit)
|
||||
shopt -s inherit_errexit
|
||||
''
|
||||
+ concatStringsSep
|
||||
"\n"
|
||||
(imap1 (index: name: "export secret${toString index}=$(<'${secrets.${name}}')")
|
||||
(imap1 (index: name: ''
|
||||
secret${toString index}=$(<'${secrets.${name}}')
|
||||
export secret${toString index}
|
||||
'')
|
||||
(attrNames secrets))
|
||||
+ "\n"
|
||||
+ "${pkgs.jq}/bin/jq >'${output}' '"
|
||||
|
@ -164,6 +170,7 @@ rec {
|
|||
' <<'EOF'
|
||||
${builtins.toJSON set}
|
||||
EOF
|
||||
$inherit_errexit_restore
|
||||
'';
|
||||
|
||||
systemdUtils = {
|
||||
|
|
|
@ -1131,8 +1131,8 @@ in {
|
|||
|
||||
ExecStartPre = let
|
||||
preStartFullPrivileges = ''
|
||||
shopt -s dotglob nullglob
|
||||
set -eu
|
||||
set -o errexit -o pipefail -o nounset
|
||||
shopt -s dotglob nullglob inherit_errexit
|
||||
|
||||
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
|
||||
if [[ -n "$(ls -A '${cfg.statePath}'/config/)" ]]; then
|
||||
|
@ -1142,7 +1142,8 @@ in {
|
|||
in "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}";
|
||||
|
||||
ExecStart = pkgs.writeShellScript "gitlab-config" ''
|
||||
set -eu
|
||||
set -o errexit -o pipefail -o nounset
|
||||
shopt -s inherit_errexit
|
||||
|
||||
umask u=rwx,g=rx,o=
|
||||
|
||||
|
@ -1171,7 +1172,8 @@ in {
|
|||
rm -f '${cfg.statePath}/config/database.yml'
|
||||
|
||||
${if cfg.databasePasswordFile != null then ''
|
||||
export db_password="$(<'${cfg.databasePasswordFile}')"
|
||||
db_password="$(<'${cfg.databasePasswordFile}')"
|
||||
export db_password
|
||||
|
||||
if [[ -z "$db_password" ]]; then
|
||||
>&2 echo "Database password was an empty string!"
|
||||
|
@ -1195,10 +1197,11 @@ in {
|
|||
|
||||
rm -f '${cfg.statePath}/config/secrets.yml'
|
||||
|
||||
export secret="$(<'${cfg.secrets.secretFile}')"
|
||||
export db="$(<'${cfg.secrets.dbFile}')"
|
||||
export otp="$(<'${cfg.secrets.otpFile}')"
|
||||
export jws="$(<'${cfg.secrets.jwsFile}')"
|
||||
secret="$(<'${cfg.secrets.secretFile}')"
|
||||
db="$(<'${cfg.secrets.dbFile}')"
|
||||
otp="$(<'${cfg.secrets.otpFile}')"
|
||||
jws="$(<'${cfg.secrets.jwsFile}')"
|
||||
export secret db otp jws
|
||||
jq -n '{production: {secret_key_base: $ENV.secret,
|
||||
otp_key_base: $ENV.otp,
|
||||
db_key_base: $ENV.db,
|
||||
|
@ -1232,7 +1235,8 @@ in {
|
|||
RemainAfterExit = true;
|
||||
|
||||
ExecStart = pkgs.writeShellScript "gitlab-db-config" ''
|
||||
set -eu
|
||||
set -o errexit -o pipefail -o nounset
|
||||
shopt -s inherit_errexit
|
||||
umask u=rwx,g=rx,o=
|
||||
|
||||
initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
|
||||
|
|
Loading…
Reference in a new issue