cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/gitlab: Abort on error and use of unset variables

Browse source 
Default behavior is to continue executing the script even when one or
multiple steps fail. We want to abort early if any part of the
initialization fails to not run with a partially initialized state.

Default behavior also allows dereferencing non-existent variables,
potentially resulting in hard-to-find bugs.
This commit is contained in:
talyz 2019-10-27 12:04:09 +01:00 committed by Emery Hemingway
parent 5081a6cd56
commit 041cbd860d
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
nixos/modules/services/misc/gitlab.nix
View file

@ -608,6 +608,8 @@ in {
# objects owners and extensions; for now we tack on what's needed # objects owners and extensions; for now we tack on what's needed
# here. # here.
systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally '' systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally ''
set -eu
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'") current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
@ -781,10 +783,14 @@ in {
ExecStartPre = let ExecStartPre = let
preStartFullPrivileges = '' preStartFullPrivileges = ''
shopt -s dotglob nullglob shopt -s dotglob nullglob
set -eu
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/* chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/* chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
''; '';
preStart = '' preStart = ''
set -eu
cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
rm -rf ${cfg.statePath}/db/* rm -rf ${cfg.statePath}/db/*
rm -rf ${cfg.statePath}/config/initializers/* rm -rf ${cfg.statePath}/config/initializers/*