Merge pull request #197989 from SuperSandro2000/healthchecks

2022-10-30 19:46:18 +01:00 · 2022-10-30 19:46:18 +01:00 · 4f989630d2
parent 49728da542 3c4c38a799
commit 4f989630d2
3 changed files with 13 additions and 24 deletions
--- a/nixos/modules/services/web-apps/healthchecks.nix
+++ b/nixos/modules/services/web-apps/healthchecks.nix
@ -15,14 +15,14 @@ let

  environmentFile = pkgs.writeText "healthchecks-environment" (lib.generators.toKeyValue { } environment);

-  healthchecksManageScript = with pkgs; (writeShellScriptBin "healthchecks-manage" ''
+  healthchecksManageScript = pkgs.writeShellScriptBin "healthchecks-manage" ''
+    sudo=exec
    if [[ "$USER" != "${cfg.user}" ]]; then
-        echo "please run as user 'healtchecks'." >/dev/stderr
-        exit 1
+      sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} --preserve-env --preserve-env=PYTHONPATH'
    fi
-    export $(cat ${environmentFile} | xargs);
-    exec ${pkg}/opt/healthchecks/manage.py "$@"
-  '');
+    export $(cat ${environmentFile} | xargs)
+    $sudo ${pkg}/opt/healthchecks/manage.py "$@"
+  '';
 in
 {
  options.services.healthchecks = {
@ -163,7 +163,7 @@ in
          WorkingDirectory = cfg.dataDir;
          User = cfg.user;
          Group = cfg.group;
-          EnvironmentFile = environmentFile;
+          EnvironmentFile = [ environmentFile ];
          StateDirectory = mkIf (cfg.dataDir == "/var/lib/healthchecks") "healthchecks";
          StateDirectoryMode = mkIf (cfg.dataDir == "/var/lib/healthchecks") "0750";
        };
--- a/nixos/tests/web-apps/healthchecks.nix
+++ b/nixos/tests/web-apps/healthchecks.nix
@ -33,10 +33,10 @@ import ../make-test-python.nix ({ lib, pkgs, ... }: {
        )

    with subtest("Manage script works"):
-        # Should fail if not called by healthchecks user
-        machine.fail("echo 'print(\"foo\")' | healthchecks-manage help")
-
        # "shell" sucommand should succeed, needs python in PATH.
        assert "foo\n" == machine.succeed("echo 'print(\"foo\")' | sudo -u healthchecks healthchecks-manage shell")
+
+        # Shouldn't fail if not called by healthchecks user
+        assert "foo\n" == machine.succeed("echo 'print(\"foo\")' | healthchecks-manage shell")
  '';
 })
--- a/pkgs/servers/web-apps/healthchecks/default.nix
+++ b/pkgs/servers/web-apps/healthchecks/default.nix
@ -8,43 +8,32 @@ let
  py = python3.override {
    packageOverrides = final: prev: {
      django = prev.django_4;
-      fido2 = prev.fido2.overridePythonAttrs (old: rec {
-        version = "0.9.3";
-        src = prev.fetchPypi {
-          pname = "fido2";
-          inherit version;
-          sha256 = "sha256-tF6JphCc/Lfxu1E3dqotZAjpXEgi+DolORi5RAg0Zuw=";
-        };
-      });
    };
  };
 in
 py.pkgs.buildPythonApplication rec {
  pname = "healthchecks";
-  version = "2.2.1";
+  version = "2.4.1";
  format = "other";

  src = fetchFromGitHub {
    owner = "healthchecks";
    repo = pname;
    rev = "v${version}";
-    sha256 = "sha256-C+NUvs5ijbj/l8G1sjSXvUJDNSOTVFAStfS5KtYFpUs=";
+    sha256 = "sha256-K2zA0ZkAPMgm+IofNiCf+mVTF/RIoorTupWLOowT29g=";
  };

  propagatedBuildInputs = with py.pkgs; [
    apprise
-    cffi
    cron-descriptor
    cronsim
-    cryptography
    django
    django-compressor
    fido2
    minio
    psycopg2
-    py
+    pycurl
    pyotp
-    requests
    segno
    statsd
    whitenoise