b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases

Browse source
This commit is contained in:
Aaron Andersen 2019-05-22 21:00:24 -04:00
parent 2256b56748
commit 615f8b8982
2 changed files with 33 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
nixos/modules/services/misc/gitea.nix
View file

@ -159,7 +159,8 @@ in
socket = mkOption {
type = types.nullOr types.path;
default = null;
default = if (cfg.database.createDatabase && usePostgresql) then "/run/postgresql" else if (cfg.database.createDatabase && useMysql) then "/run/mysqld/mysqld.sock" else null;
defaultText = "null";
example = "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication.";
};
@ -173,10 +174,7 @@ in
createDatabase = mkOption {
type = types.bool;
default = true;
description = ''
Whether to create a local postgresql database automatically.
This only applies if database type "postgres" is selected.
'';
description = "Whether to create a local database automatically.";
};
};
@ -277,7 +275,34 @@ in
};
config = mkIf cfg.enable {
services.postgresql.enable = mkIf usePostgresql (mkDefault true);
assertions = [
{ assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user;
message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned";
}
];
services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) {
enable = mkDefault true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
};
services.mysql = optionalAttrs (useMysql && cfg.database.createDatabase) {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
};
systemd.services.gitea = {
description = "gitea";
@ -331,22 +356,6 @@ in
then
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${gitea.bin}/bin/gitea,g' ${cfg.stateDir}/.ssh/authorized_keys
fi
'' + optionalString (usePostgresql && cfg.database.createDatabase) ''
if ! test -e "${cfg.stateDir}/db-created"; then
echo "CREATE ROLE ${cfg.database.user}
WITH ENCRYPTED PASSWORD '$(head -n1 ${cfg.database.passwordFile})'
NOCREATEDB NOCREATEROLE LOGIN" |
${pkgs.sudo}/bin/sudo -u ${pg.superUser} ${pg.package}/bin/psql
${pkgs.sudo}/bin/sudo -u ${pg.superUser} \
${pg.package}/bin/createdb \
--owner=${cfg.database.user} \
--encoding=UTF8 \
--lc-collate=C \
--lc-ctype=C \
--template=template0 \
${cfg.database.name}
touch "${cfg.stateDir}/db-created"
fi
'' + ''
chown ${cfg.user} -R ${cfg.stateDir}
'';

16
nixos/tests/gitea.nix
View file

@ -13,18 +13,8 @@ with pkgs.lib;
machine =
{ config, pkgs, ... }:
{ services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
services.mysql.ensureDatabases = [ "gitea" ];
services.mysql.ensureUsers = [
{ name = "gitea";
ensurePermissions = { "gitea.*" = "ALL PRIVILEGES"; };
}
];
services.gitea.enable = true;
{ services.gitea.enable = true;
services.gitea.database.type = "mysql";
services.gitea.database.socket = "/run/mysqld/mysqld.sock";
};
testScript = ''
@ -42,10 +32,8 @@ with pkgs.lib;
machine =
{ config, pkgs, ... }:
{
services.gitea.enable = true;
{ services.gitea.enable = true;
services.gitea.database.type = "postgres";
services.gitea.database.passwordFile = pkgs.writeText "db-password" "secret";
};
testScript = ''