diff options
author | Aaron Andersen <aaron@fosslib.net> | 2019-07-05 22:04:56 -0400 |
---|---|---|
committer | Aaron Andersen <aaron@fosslib.net> | 2019-07-05 22:04:56 -0400 |
commit | 1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049 (patch) | |
tree | a44a9051b645b45d34ea9c0360e6c04aa69e60fc /nixos/modules/services/web-apps | |
parent | 2720a1c147202c17d7e3ca155b9e2e91f91bb2ab (diff) | |
download | nixpkgs-1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049.tar nixpkgs-1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049.tar.gz nixpkgs-1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049.tar.bz2 nixpkgs-1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049.tar.lz nixpkgs-1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049.tar.xz nixpkgs-1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049.tar.zst nixpkgs-1cd3b98c3a7e93c95190e4d3fb76cca68cb9e049.zip |
nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
Diffstat (limited to 'nixos/modules/services/web-apps')
-rw-r--r-- | nixos/modules/services/web-apps/tt-rss.nix | 62 |
1 files changed, 35 insertions, 27 deletions
diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix index b882f6c2ae7..1bd9de93735 100644 --- a/nixos/modules/services/web-apps/tt-rss.nix +++ b/nixos/modules/services/web-apps/tt-rss.nix @@ -16,6 +16,9 @@ let poolName = "tt-rss"; + mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql"; + pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql"; + tt-rss-config = pkgs.writeText "config.php" '' <?php @@ -200,6 +203,12 @@ let and 3306 for pgsql and mysql respectively). ''; }; + + createLocally = mkOption { + type = types.bool; + default = true; + description = "Create the database and database user locally."; + }; }; auth = { @@ -551,9 +560,13 @@ let }; }; - systemd.services.tt-rss = let - dbService = if cfg.database.type == "pgsql" then "postgresql.service" else "mysql.service"; - in { + systemd.tmpfiles.rules = [ + "d '${cfg.root}' 0755 ${cfg.user} tt_rss - -" + "Z '${cfg.root}' 0755 ${cfg.user} tt_rss - -" + ]; + + systemd.services.tt-rss = + { description = "Tiny Tiny RSS feeds update daemon"; @@ -562,14 +575,14 @@ let if cfg.database.type == "pgsql" then '' ${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \ ${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile})"} \ - ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.postgresql.package}/bin/psql \ + ${config.services.postgresql.package}/bin/psql \ -U ${cfg.database.user} \ ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \ -c '${e}' \ ${cfg.database.name}'' else if cfg.database.type == "mysql" then '' - echo '${e}' | ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.mysql.package}/bin/mysql \ + echo '${e}' | ${config.services.mysql.package}/bin/mysql \ -u ${cfg.database.user} \ ${optionalString (cfg.database.password != null) "-p${cfg.database.password}"} \ ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} -P ${toString dbPort}"} \ @@ -579,7 +592,6 @@ let in '' rm -rf "${cfg.root}/*" - mkdir -m 755 -p "${cfg.root}" cp -r "${pkgs.tt-rss}/"* "${cfg.root}" ${optionalString (cfg.pluginPackages != []) '' for plugin in ${concatStringsSep " " cfg.pluginPackages}; do @@ -592,19 +604,10 @@ let done ''} ln -sf "${tt-rss-config}" "${cfg.root}/config.php" - chown -R "${cfg.user}" "${cfg.root}" chmod -R 755 "${cfg.root}" '' + (optionalString (cfg.database.type == "pgsql") '' - ${optionalString (cfg.database.host == null && cfg.database.password == null) '' - if ! [ -e ${cfg.root}/.db-created ]; then - ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createuser ${cfg.database.user} - ${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O ${cfg.database.user} ${cfg.database.name} - touch ${cfg.root}/.db-created - fi - ''} - exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \ | tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//') @@ -628,18 +631,18 @@ let serviceConfig = { User = "${cfg.user}"; + Group = "tt_rss"; ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon"; StandardOutput = "syslog"; StandardError = "syslog"; - PermissionsStartOnly = true; }; wantedBy = [ "multi-user.target" ]; - requires = ["${dbService}"]; - after = ["network.target" "${dbService}"]; + requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; + after = [ "network.target" ] ++ optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service"; }; - services.mysql = optionalAttrs (cfg.database.type == "mysql") { + services.mysql = mkIf mysqlLocal { enable = true; package = mkDefault pkgs.mysql; ensureDatabases = [ cfg.database.name ]; @@ -653,17 +656,22 @@ let ]; }; - services.postgresql = optionalAttrs (cfg.database.type == "pgsql") { + services.postgresql = mkIf pgsqlLocal { enable = mkDefault true; + ensureDatabases = [ cfg.database.name ]; + ensureUsers = [ + { name = cfg.user; + ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + } + ]; }; - users = optionalAttrs (cfg.user == "tt_rss") { - users.tt_rss = { - description = "tt-rss service user"; - isSystemUser = true; - group = "tt_rss"; - }; - groups.tt_rss = {}; + users.users.tt_rss = optionalAttrs (cfg.user == "tt_rss") { + description = "tt-rss service user"; + isSystemUser = true; + group = "tt_rss"; }; + + users.groups.tt_rss = {}; }; } |