diff options
Diffstat (limited to 'nixos/modules/services/misc/gitea.nix')
-rw-r--r-- | nixos/modules/services/misc/gitea.nix | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index f6ef2bb9191..be528a29899 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -246,6 +246,13 @@ in description = lib.mdDoc "Path to a file containing the SMTP password."; }; + metricsTokenFile = mkOption { + type = types.nullOr types.str; + default = null; + example = "/var/lib/secrets/gitea/metrics_token"; + description = lib.mdDoc "Path to a file containing the metrics authentication token."; + }; + settings = mkOption { default = {}; description = lib.mdDoc '' @@ -387,6 +394,14 @@ in { assertion = cfg.database.createDatabase -> useSqlite || cfg.database.user == cfg.user; message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned"; } + { assertion = cfg.database.createDatabase && usePostgresql -> cfg.database.user == cfg.database.name; + message = '' + When creating a database via NixOS, the db user and db name must be equal! + If you already have an existing DB+user and this assertion is new, you can safely set + `services.gitea.createDatabase` to `false` because removal of `ensureUsers` + and `ensureDatabases` doesn't have any effect. + ''; + } ]; services.gitea.settings = { @@ -433,6 +448,10 @@ in PASSWD = "#mailerpass#"; }; + metrics = mkIf (cfg.metricsTokenFile != null) { + TOKEN = "#metricstoken#"; + }; + oauth2 = { JWT_SECRET = "#oauth2jwtsecret#"; }; @@ -450,7 +469,7 @@ in ensureDatabases = [ cfg.database.name ]; ensureUsers = [ { name = cfg.database.user; - ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + ensureDBOwnership = true; } ]; }; @@ -559,6 +578,10 @@ in ${lib.optionalString (cfg.mailerPasswordFile != null) '' ${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}' ''} + + ${lib.optionalString (cfg.metricsTokenFile != null) '' + ${replaceSecretBin} '#metricstoken#' '${cfg.metricsTokenFile}' '${runConfig}' + ''} chmod u-w '${runConfig}' } (umask 027; gitea_setup) |