From 58a75024211a18870bffd33466b0d5aefa846d74 Mon Sep 17 00:00:00 2001 From: talyz Date: Tue, 17 Sep 2019 08:36:19 +0200 Subject: [PATCH] nixos/gitlab: Only create the database when databaseHost is unset Make sure that we don't create a database if we're not going to connect to it. Also, fix the assertion that usernames be equal to only trig when peer authentication is used (databaseHost == ""). --- nixos/modules/services/misc/gitlab.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 1b6002498c68..26a01f6c61e0 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -27,6 +27,9 @@ let } // cfg.extraDatabaseConfig; }; + # We only want to create a database if we're actually going to connect to it. + databaseActuallyCreateLocally = cfg.databaseCreateLocally && cfg.databaseHost == ""; + gitalyToml = pkgs.writeText "gitaly.toml" '' socket_path = "${lib.escape ["\""] gitalySocket}" bin_dir = "${cfg.packages.gitaly}/bin" @@ -263,8 +266,8 @@ in { description = '' Whether a database should be automatically created on the local host. Set this to false if you plan - on provisioning a local database yourself or use an external - one. + on provisioning a local database yourself. This has no effect + if is customized. ''; }; @@ -554,8 +557,8 @@ in { assertions = [ { - assertion = cfg.databaseCreateLocally -> (cfg.user == cfg.databaseUsername); - message = "For local automatic database provisioning services.gitlab.user and services.gitlab.databaseUsername should be identical."; + assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.databaseUsername); + message = ''For local automatic database provisioning (services.gitlab.databaseCreateLocally == true) with peer authentication (services.gitlab.databaseHost == "") to work services.gitlab.user and services.gitlab.databaseUsername must be identical.''; } { assertion = (cfg.databaseHost != "") -> (cfg.databasePasswordFile != null); @@ -589,14 +592,14 @@ in { services.redis.enable = mkDefault true; # We use postgres as the main data store. - services.postgresql = optionalAttrs cfg.databaseCreateLocally { + services.postgresql = optionalAttrs databaseActuallyCreateLocally { enable = true; ensureUsers = singleton { name = cfg.databaseUsername; }; }; # The postgresql module doesn't currently support concepts like # objects owners and extensions; for now we tack on what's needed # here. - systemd.services.postgresql.postStart = mkAfter (optionalString cfg.databaseCreateLocally '' + systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally '' $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'") if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then