Merge pull request #111030 from cript0nauta/miniflux-sudo
nixos/miniflux: don't depend on sudo
This commit is contained in:
commit
5a24206e17
2 changed files with 31 additions and 7 deletions
|
@ -14,17 +14,16 @@ let
|
|||
ADMIN_PASSWORD=password
|
||||
'';
|
||||
|
||||
pgsu = "${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser}";
|
||||
pgbin = "${config.services.postgresql.package}/bin";
|
||||
preStart = pkgs.writeScript "miniflux-pre-start" ''
|
||||
#!${pkgs.runtimeShell}
|
||||
db_exists() {
|
||||
[ "$(${pgsu} ${pgbin}/psql -Atc "select 1 from pg_database where datname='$1'")" == "1" ]
|
||||
[ "$(${pgbin}/psql -Atc "select 1 from pg_database where datname='$1'")" == "1" ]
|
||||
}
|
||||
if ! db_exists "${dbName}"; then
|
||||
${pgsu} ${pgbin}/psql postgres -c "CREATE ROLE ${dbUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${dbPassword}'"
|
||||
${pgsu} ${pgbin}/createdb --owner "${dbUser}" "${dbName}"
|
||||
${pgsu} ${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore"
|
||||
${pgbin}/psql postgres -c "CREATE ROLE ${dbUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${dbPassword}'"
|
||||
${pgbin}/createdb --owner "${dbUser}" "${dbName}"
|
||||
${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore"
|
||||
fi
|
||||
'';
|
||||
in
|
||||
|
@ -73,15 +72,26 @@ in
|
|||
|
||||
services.postgresql.enable = true;
|
||||
|
||||
systemd.services.miniflux-dbsetup = {
|
||||
description = "Miniflux database setup";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "network.target" "postgresql.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = config.services.postgresql.superUser;
|
||||
ExecStart = preStart;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.miniflux = {
|
||||
description = "Miniflux service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "network.target" "postgresql.service" ];
|
||||
after = [ "network.target" "postgresql.service" "miniflux-dbsetup.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.miniflux}/bin/miniflux";
|
||||
ExecStartPre = "+${preStart}";
|
||||
DynamicUser = true;
|
||||
RuntimeDirectory = "miniflux";
|
||||
RuntimeDirectoryMode = "0700";
|
||||
|
|
|
@ -20,6 +20,13 @@ with lib;
|
|||
services.miniflux.enable = true;
|
||||
};
|
||||
|
||||
withoutSudo =
|
||||
{ ... }:
|
||||
{
|
||||
services.miniflux.enable = true;
|
||||
security.sudo.enable = false;
|
||||
};
|
||||
|
||||
customized =
|
||||
{ ... }:
|
||||
{
|
||||
|
@ -46,6 +53,13 @@ with lib;
|
|||
"curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
|
||||
)
|
||||
|
||||
withoutSudo.wait_for_unit("miniflux.service")
|
||||
withoutSudo.wait_for_open_port(${toString defaultPort})
|
||||
withoutSudo.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep -q OK")
|
||||
withoutSudo.succeed(
|
||||
"curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
|
||||
)
|
||||
|
||||
customized.wait_for_unit("miniflux.service")
|
||||
customized.wait_for_open_port(${toString port})
|
||||
customized.succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep -q OK")
|
||||
|
|
Loading…
Reference in a new issue