3
0
Fork 0
forked from mirrors/nixpkgs

Merge pull request #64365 from aanderse/tt-rss

nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
This commit is contained in:
Aaron Andersen 2019-07-20 08:23:48 -04:00 committed by GitHub
commit faf884ca9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -16,6 +16,9 @@ let
poolName = "tt-rss"; poolName = "tt-rss";
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
tt-rss-config = pkgs.writeText "config.php" '' tt-rss-config = pkgs.writeText "config.php" ''
<?php <?php
@ -200,6 +203,12 @@ let
and 3306 for pgsql and mysql respectively). and 3306 for pgsql and mysql respectively).
''; '';
}; };
createLocally = mkOption {
type = types.bool;
default = true;
description = "Create the database and database user locally.";
};
}; };
auth = { auth = {
@ -551,9 +560,13 @@ let
}; };
}; };
systemd.services.tt-rss = let systemd.tmpfiles.rules = [
dbService = if cfg.database.type == "pgsql" then "postgresql.service" else "mysql.service"; "d '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
in { "Z '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
];
systemd.services.tt-rss =
{
description = "Tiny Tiny RSS feeds update daemon"; description = "Tiny Tiny RSS feeds update daemon";
@ -562,14 +575,14 @@ let
if cfg.database.type == "pgsql" then '' if cfg.database.type == "pgsql" then ''
${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \ ${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \
${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile})"} \ ${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile})"} \
${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.postgresql.package}/bin/psql \ ${config.services.postgresql.package}/bin/psql \
-U ${cfg.database.user} \ -U ${cfg.database.user} \
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \ ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \
-c '${e}' \ -c '${e}' \
${cfg.database.name}'' ${cfg.database.name}''
else if cfg.database.type == "mysql" then '' else if cfg.database.type == "mysql" then ''
echo '${e}' | ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.mysql.package}/bin/mysql \ echo '${e}' | ${config.services.mysql.package}/bin/mysql \
-u ${cfg.database.user} \ -u ${cfg.database.user} \
${optionalString (cfg.database.password != null) "-p${cfg.database.password}"} \ ${optionalString (cfg.database.password != null) "-p${cfg.database.password}"} \
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} -P ${toString dbPort}"} \ ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} -P ${toString dbPort}"} \
@ -579,7 +592,6 @@ let
in '' in ''
rm -rf "${cfg.root}/*" rm -rf "${cfg.root}/*"
mkdir -m 755 -p "${cfg.root}"
cp -r "${pkgs.tt-rss}/"* "${cfg.root}" cp -r "${pkgs.tt-rss}/"* "${cfg.root}"
${optionalString (cfg.pluginPackages != []) '' ${optionalString (cfg.pluginPackages != []) ''
for plugin in ${concatStringsSep " " cfg.pluginPackages}; do for plugin in ${concatStringsSep " " cfg.pluginPackages}; do
@ -592,19 +604,10 @@ let
done done
''} ''}
ln -sf "${tt-rss-config}" "${cfg.root}/config.php" ln -sf "${tt-rss-config}" "${cfg.root}/config.php"
chown -R "${cfg.user}" "${cfg.root}"
chmod -R 755 "${cfg.root}" chmod -R 755 "${cfg.root}"
'' ''
+ (optionalString (cfg.database.type == "pgsql") '' + (optionalString (cfg.database.type == "pgsql") ''
${optionalString (cfg.database.host == null && cfg.database.password == null) ''
if ! [ -e ${cfg.root}/.db-created ]; then
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createuser ${cfg.database.user}
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O ${cfg.database.user} ${cfg.database.name}
touch ${cfg.root}/.db-created
fi
''}
exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \ exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \
| tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//') | tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//')
@ -628,18 +631,18 @@ let
serviceConfig = { serviceConfig = {
User = "${cfg.user}"; User = "${cfg.user}";
Group = "tt_rss";
ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon"; ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon";
StandardOutput = "syslog"; StandardOutput = "syslog";
StandardError = "syslog"; StandardError = "syslog";
PermissionsStartOnly = true;
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = ["${dbService}"]; requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
after = ["network.target" "${dbService}"]; after = [ "network.target" ] ++ optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
}; };
services.mysql = optionalAttrs (cfg.database.type == "mysql") { services.mysql = mkIf mysqlLocal {
enable = true; enable = true;
package = mkDefault pkgs.mysql; package = mkDefault pkgs.mysql;
ensureDatabases = [ cfg.database.name ]; ensureDatabases = [ cfg.database.name ];
@ -653,17 +656,22 @@ let
]; ];
}; };
services.postgresql = optionalAttrs (cfg.database.type == "pgsql") { services.postgresql = mkIf pgsqlLocal {
enable = mkDefault true; enable = mkDefault true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
}; };
users = optionalAttrs (cfg.user == "tt_rss") { users.users.tt_rss = optionalAttrs (cfg.user == "tt_rss") {
users.tt_rss = { description = "tt-rss service user";
description = "tt-rss service user"; isSystemUser = true;
isSystemUser = true; group = "tt_rss";
group = "tt_rss";
};
groups.tt_rss = {};
}; };
users.groups.tt_rss = {};
}; };
} }