From 4e68da6337638e49af9a17b0857196a60934c13f Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Fri, 31 Jul 2020 00:04:23 +0300
Subject: nixos/gitea: add 'backupDir' option

---
 nixos/modules/services/misc/gitea.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'nixos/modules/services/misc/gitea.nix')

diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix
index 15aeb191f57..28609f8ec8a 100644
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -162,6 +162,12 @@ in
             <manvolnum>7</manvolnum></citerefentry>.
           '';
         };
+
+        backupDir = mkOption {
+          type = types.str;
+          default = "${cfg.stateDir}/dump";
+          description = "Path to the dump files.";
+        };
       };
 
       appName = mkOption {
@@ -357,6 +363,9 @@ in
     };
 
     systemd.tmpfiles.rules = [
+      "d '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -"
+      "z '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -"
+      "Z '${cfg.dump.backupDir}' - ${cfg.user} gitea - -"
       "d '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -"
       "z '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -"
       "Z '${cfg.repositoryRoot}' - ${cfg.user} gitea - -"
@@ -448,7 +457,7 @@ in
         ProtectKernelTunables = true;
         ProtectKernelModules = true;
         ProtectControlGroups = true;
-        ReadWritePaths = [ cfg.repositoryRoot cfg.stateDir ];
+        ReadWritePaths = [ cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir ];
         UMask = "0027";
         # Caps
         CapabilityBoundingSet = "";
@@ -513,7 +522,7 @@ in
          Type = "oneshot";
          User = cfg.user;
          ExecStart = "${gitea}/bin/gitea dump";
-         WorkingDirectory = cfg.stateDir;
+         WorkingDirectory = cfg.dump.backupDir;
        };
     };
 
-- 
cgit 1.4.1