diff options
Diffstat (limited to 'nixos/modules/services/web-apps/mastodon.nix')
-rw-r--r-- | nixos/modules/services/web-apps/mastodon.nix | 58 |
1 files changed, 46 insertions, 12 deletions
diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix index a6cd7432db2..b6e2309555f 100644 --- a/nixos/modules/services/web-apps/mastodon.nix +++ b/nixos/modules/services/web-apps/mastodon.nix @@ -1,7 +1,9 @@ -{ config, lib, pkgs, ... }: +{ lib, pkgs, config, options, ... }: let cfg = config.services.mastodon; + opt = options.services.mastodon; + # We only want to create a database if we're actually going to connect to it. databaseActuallyCreateLocally = cfg.database.createLocally && cfg.database.host == "/run/postgresql"; @@ -23,7 +25,6 @@ let REDIS_HOST = cfg.redis.host; REDIS_PORT = toString(cfg.redis.port); DB_HOST = cfg.database.host; - DB_PORT = toString(cfg.database.port); DB_NAME = cfg.database.name; LOCAL_DOMAIN = cfg.localDomain; SMTP_SERVER = cfg.smtp.host; @@ -37,7 +38,8 @@ let TRUSTED_PROXY_IP = cfg.trustedProxy; } - // (if cfg.smtp.authenticate then { SMTP_LOGIN = cfg.smtp.user; } else {}) + // lib.optionalAttrs (cfg.database.host != "/run/postgresql" && cfg.database.port != null) { DB_PORT = toString cfg.database.port; } + // lib.optionalAttrs cfg.smtp.authenticate { SMTP_LOGIN = cfg.smtp.user; } // cfg.extraConfig; systemCallsList = [ "@cpu-emulation" "@debug" "@keyring" "@ipc" "@mount" "@obsolete" "@privileged" "@setuid" ]; @@ -314,8 +316,13 @@ in { }; port = lib.mkOption { - type = lib.types.port; - default = 5432; + type = lib.types.nullOr lib.types.port; + default = if cfg.database.createLocally then null else 5432; + defaultText = lib.literalExpression '' + if config.${opt.database.createLocally} + then null + else 5432 + ''; description = lib.mdDoc "Database host port."; }; @@ -333,8 +340,8 @@ in { passwordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; - default = "/var/lib/mastodon/secrets/db-password"; - example = "/run/keys/mastodon-db-password"; + default = null; + example = "/var/lib/mastodon/secrets/db-password"; description = lib.mdDoc '' A file containing the password corresponding to {option}`database.user`. @@ -468,7 +475,18 @@ in { assertions = [ { assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.database.user); - message = ''For local automatic database provisioning (services.mastodon.database.createLocally == true) with peer authentication (services.mastodon.database.host == "/run/postgresql") to work services.mastodon.user and services.mastodon.database.user must be identical.''; + message = '' + For local automatic database provisioning (services.mastodon.database.createLocally == true) with peer + authentication (services.mastodon.database.host == "/run/postgresql") to work services.mastodon.user + and services.mastodon.database.user must be identical. + ''; + } + { + assertion = !databaseActuallyCreateLocally -> (cfg.database.host != "/run/postgresql"); + message = '' + <option>services.mastodon.database.host</option> needs to be set if + <option>services.mastodon.database.createLocally</option> is not enabled. + ''; } { assertion = cfg.smtp.authenticate -> (cfg.smtp.user != null); @@ -512,10 +530,11 @@ in { OTP_SECRET="$(cat ${cfg.otpSecretFile})" VAPID_PRIVATE_KEY="$(cat ${cfg.vapidPrivateKeyFile})" VAPID_PUBLIC_KEY="$(cat ${cfg.vapidPublicKeyFile})" + '' + lib.optionalString (cfg.database.passwordFile != null) '' DB_PASS="$(cat ${cfg.database.passwordFile})" - '' + (if cfg.smtp.authenticate then '' + '' + lib.optionalString cfg.smtp.authenticate '' SMTP_PASSWORD="$(cat ${cfg.smtp.passwordFile})" - '' else "") + '' + '' + '' EOF ''; environment = env; @@ -530,7 +549,16 @@ in { }; systemd.services.mastodon-init-db = lib.mkIf cfg.automaticMigrations { - script = '' + script = lib.optionalString (!databaseActuallyCreateLocally) '' + umask 077 + + export PGPASSFILE + PGPASSFILE=$(mktemp) + cat > $PGPASSFILE <<EOF + ${cfg.database.host}:${toString cfg.database.port}:${cfg.database.name}:${cfg.database.user}:$(cat ${cfg.database.passwordFile}) + EOF + + '' + '' if [ `psql ${cfg.database.name} -c \ "select count(*) from pg_class c \ join pg_namespace s on s.oid = c.relnamespace \ @@ -541,9 +569,15 @@ in { else rails db:migrate fi + '' + lib.optionalString (!databaseActuallyCreateLocally) '' + rm $PGPASSFILE + unset PGPASSFILE ''; path = [ cfg.package pkgs.postgresql ]; - environment = env; + environment = env // lib.optionalAttrs (!databaseActuallyCreateLocally) { + PGHOST = cfg.database.host; + PGUSER = cfg.database.user; + }; serviceConfig = { Type = "oneshot"; EnvironmentFile = [ "/var/lib/mastodon/.secrets_env" ]; |