cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/gitea: define a gitea group to avoid "nogroup" ownership

Browse source
This commit is contained in:
Aaron Andersen 2019-05-22 21:07:08 -04:00
parent 615f8b8982
commit 9d251d8b21
1 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
nixos/modules/services/misc/gitea.nix
View file

@ -304,6 +304,10 @@ in
]; ];
}; };
systemd.tmpfiles.rules = [
"Z '${cfg.stateDir}' - ${cfg.user} gitea - -"
];
systemd.services.gitea = { systemd.services.gitea = {
description = "gitea"; description = "gitea";
after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service"; after = [ "network.target" ] ++ lib.optional usePostgresql "postgresql.service" ++ lib.optional useMysql "mysql.service";
@ -363,6 +367,7 @@ in
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = cfg.user; User = cfg.user;
Group = "gitea";
WorkingDirectory = cfg.stateDir; WorkingDirectory = cfg.stateDir;
PermissionsStartOnly = true; PermissionsStartOnly = true;
ExecStart = "${gitea.bin}/bin/gitea web"; ExecStart = "${gitea.bin}/bin/gitea web";
@ -376,15 +381,18 @@ in
}; };
}; };
users = mkIf (cfg.user == "gitea") { users.users = mkIf (cfg.user == "gitea") {
users.gitea = { gitea = {
description = "Gitea Service"; description = "Gitea Service";
home = cfg.stateDir; home = cfg.stateDir;
createHome = true; createHome = true;
useDefaultShell = true; useDefaultShell = true;
group = "gitea";
}; };
}; };
users.groups.gitea = {};
warnings = optional (cfg.database.password != "") warnings = optional (cfg.database.password != "")
''config.services.gitea.database.password will be stored as plaintext ''config.services.gitea.database.password will be stored as plaintext
in the Nix store. Use database.passwordFile instead.''; in the Nix store. Use database.passwordFile instead.'';