forked from mirrors/nixpkgs
Merge pull request #64365 from aanderse/tt-rss
nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
This commit is contained in:
commit
faf884ca9b
|
@ -16,6 +16,9 @@ let
|
||||||
|
|
||||||
poolName = "tt-rss";
|
poolName = "tt-rss";
|
||||||
|
|
||||||
|
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
|
||||||
|
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
|
||||||
|
|
||||||
tt-rss-config = pkgs.writeText "config.php" ''
|
tt-rss-config = pkgs.writeText "config.php" ''
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
@ -200,6 +203,12 @@ let
|
||||||
and 3306 for pgsql and mysql respectively).
|
and 3306 for pgsql and mysql respectively).
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
createLocally = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = "Create the database and database user locally.";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
auth = {
|
auth = {
|
||||||
|
@ -551,9 +560,13 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.tt-rss = let
|
systemd.tmpfiles.rules = [
|
||||||
dbService = if cfg.database.type == "pgsql" then "postgresql.service" else "mysql.service";
|
"d '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
|
||||||
in {
|
"Z '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.services.tt-rss =
|
||||||
|
{
|
||||||
|
|
||||||
description = "Tiny Tiny RSS feeds update daemon";
|
description = "Tiny Tiny RSS feeds update daemon";
|
||||||
|
|
||||||
|
@ -562,14 +575,14 @@ let
|
||||||
if cfg.database.type == "pgsql" then ''
|
if cfg.database.type == "pgsql" then ''
|
||||||
${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \
|
${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \
|
||||||
${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile})"} \
|
${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile})"} \
|
||||||
${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.postgresql.package}/bin/psql \
|
${config.services.postgresql.package}/bin/psql \
|
||||||
-U ${cfg.database.user} \
|
-U ${cfg.database.user} \
|
||||||
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \
|
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \
|
||||||
-c '${e}' \
|
-c '${e}' \
|
||||||
${cfg.database.name}''
|
${cfg.database.name}''
|
||||||
|
|
||||||
else if cfg.database.type == "mysql" then ''
|
else if cfg.database.type == "mysql" then ''
|
||||||
echo '${e}' | ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.mysql.package}/bin/mysql \
|
echo '${e}' | ${config.services.mysql.package}/bin/mysql \
|
||||||
-u ${cfg.database.user} \
|
-u ${cfg.database.user} \
|
||||||
${optionalString (cfg.database.password != null) "-p${cfg.database.password}"} \
|
${optionalString (cfg.database.password != null) "-p${cfg.database.password}"} \
|
||||||
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} -P ${toString dbPort}"} \
|
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} -P ${toString dbPort}"} \
|
||||||
|
@ -579,7 +592,6 @@ let
|
||||||
|
|
||||||
in ''
|
in ''
|
||||||
rm -rf "${cfg.root}/*"
|
rm -rf "${cfg.root}/*"
|
||||||
mkdir -m 755 -p "${cfg.root}"
|
|
||||||
cp -r "${pkgs.tt-rss}/"* "${cfg.root}"
|
cp -r "${pkgs.tt-rss}/"* "${cfg.root}"
|
||||||
${optionalString (cfg.pluginPackages != []) ''
|
${optionalString (cfg.pluginPackages != []) ''
|
||||||
for plugin in ${concatStringsSep " " cfg.pluginPackages}; do
|
for plugin in ${concatStringsSep " " cfg.pluginPackages}; do
|
||||||
|
@ -592,19 +604,10 @@ let
|
||||||
done
|
done
|
||||||
''}
|
''}
|
||||||
ln -sf "${tt-rss-config}" "${cfg.root}/config.php"
|
ln -sf "${tt-rss-config}" "${cfg.root}/config.php"
|
||||||
chown -R "${cfg.user}" "${cfg.root}"
|
|
||||||
chmod -R 755 "${cfg.root}"
|
chmod -R 755 "${cfg.root}"
|
||||||
''
|
''
|
||||||
|
|
||||||
+ (optionalString (cfg.database.type == "pgsql") ''
|
+ (optionalString (cfg.database.type == "pgsql") ''
|
||||||
${optionalString (cfg.database.host == null && cfg.database.password == null) ''
|
|
||||||
if ! [ -e ${cfg.root}/.db-created ]; then
|
|
||||||
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createuser ${cfg.database.user}
|
|
||||||
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O ${cfg.database.user} ${cfg.database.name}
|
|
||||||
touch ${cfg.root}/.db-created
|
|
||||||
fi
|
|
||||||
''}
|
|
||||||
|
|
||||||
exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \
|
exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \
|
||||||
| tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//')
|
| tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//')
|
||||||
|
|
||||||
|
@ -628,18 +631,18 @@ let
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "${cfg.user}";
|
User = "${cfg.user}";
|
||||||
|
Group = "tt_rss";
|
||||||
ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon";
|
ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon";
|
||||||
StandardOutput = "syslog";
|
StandardOutput = "syslog";
|
||||||
StandardError = "syslog";
|
StandardError = "syslog";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = ["${dbService}"];
|
requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||||
after = ["network.target" "${dbService}"];
|
after = [ "network.target" ] ++ optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mysql = optionalAttrs (cfg.database.type == "mysql") {
|
services.mysql = mkIf mysqlLocal {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = mkDefault pkgs.mysql;
|
package = mkDefault pkgs.mysql;
|
||||||
ensureDatabases = [ cfg.database.name ];
|
ensureDatabases = [ cfg.database.name ];
|
||||||
|
@ -653,17 +656,22 @@ let
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresql = optionalAttrs (cfg.database.type == "pgsql") {
|
services.postgresql = mkIf pgsqlLocal {
|
||||||
enable = mkDefault true;
|
enable = mkDefault true;
|
||||||
|
ensureDatabases = [ cfg.database.name ];
|
||||||
|
ensureUsers = [
|
||||||
|
{ name = cfg.user;
|
||||||
|
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
users = optionalAttrs (cfg.user == "tt_rss") {
|
users.users.tt_rss = optionalAttrs (cfg.user == "tt_rss") {
|
||||||
users.tt_rss = {
|
description = "tt-rss service user";
|
||||||
description = "tt-rss service user";
|
isSystemUser = true;
|
||||||
isSystemUser = true;
|
group = "tt_rss";
|
||||||
group = "tt_rss";
|
|
||||||
};
|
|
||||||
groups.tt_rss = {};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.groups.tt_rss = {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue