Merge pull request #64365 from aanderse/tt-rss

nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
This commit is contained in:
Aaron Andersen 2019-07-20 08:23:48 -04:00 committed by GitHub
commit faf884ca9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -16,6 +16,9 @@ let
poolName = "tt-rss";
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
tt-rss-config = pkgs.writeText "config.php" ''
<?php
@ -200,6 +203,12 @@ let
and 3306 for pgsql and mysql respectively).
'';
};
createLocally = mkOption {
type = types.bool;
default = true;
description = "Create the database and database user locally.";
};
};
auth = {
@ -551,9 +560,13 @@ let
};
};
systemd.services.tt-rss = let
dbService = if cfg.database.type == "pgsql" then "postgresql.service" else "mysql.service";
in {
systemd.tmpfiles.rules = [
"d '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
"Z '${cfg.root}' 0755 ${cfg.user} tt_rss - -"
];
systemd.services.tt-rss =
{
description = "Tiny Tiny RSS feeds update daemon";
@ -562,14 +575,14 @@ let
if cfg.database.type == "pgsql" then ''
${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \
${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile})"} \
${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.postgresql.package}/bin/psql \
${config.services.postgresql.package}/bin/psql \
-U ${cfg.database.user} \
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \
-c '${e}' \
${cfg.database.name}''
else if cfg.database.type == "mysql" then ''
echo '${e}' | ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.mysql.package}/bin/mysql \
echo '${e}' | ${config.services.mysql.package}/bin/mysql \
-u ${cfg.database.user} \
${optionalString (cfg.database.password != null) "-p${cfg.database.password}"} \
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} -P ${toString dbPort}"} \
@ -579,7 +592,6 @@ let
in ''
rm -rf "${cfg.root}/*"
mkdir -m 755 -p "${cfg.root}"
cp -r "${pkgs.tt-rss}/"* "${cfg.root}"
${optionalString (cfg.pluginPackages != []) ''
for plugin in ${concatStringsSep " " cfg.pluginPackages}; do
@ -592,19 +604,10 @@ let
done
''}
ln -sf "${tt-rss-config}" "${cfg.root}/config.php"
chown -R "${cfg.user}" "${cfg.root}"
chmod -R 755 "${cfg.root}"
''
+ (optionalString (cfg.database.type == "pgsql") ''
${optionalString (cfg.database.host == null && cfg.database.password == null) ''
if ! [ -e ${cfg.root}/.db-created ]; then
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createuser ${cfg.database.user}
${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser} ${config.services.postgresql.package}/bin/createdb -O ${cfg.database.user} ${cfg.database.name}
touch ${cfg.root}/.db-created
fi
''}
exists=$(${callSql "select count(*) > 0 from pg_tables where tableowner = user"} \
| tail -n+3 | head -n-2 | sed -e 's/[ \n\t]*//')
@ -628,18 +631,18 @@ let
serviceConfig = {
User = "${cfg.user}";
Group = "tt_rss";
ExecStart = "${pkgs.php}/bin/php ${cfg.root}/update.php --daemon";
StandardOutput = "syslog";
StandardError = "syslog";
PermissionsStartOnly = true;
};
wantedBy = [ "multi-user.target" ];
requires = ["${dbService}"];
after = ["network.target" "${dbService}"];
requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
after = [ "network.target" ] ++ optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
};
services.mysql = optionalAttrs (cfg.database.type == "mysql") {
services.mysql = mkIf mysqlLocal {
enable = true;
package = mkDefault pkgs.mysql;
ensureDatabases = [ cfg.database.name ];
@ -653,17 +656,22 @@ let
];
};
services.postgresql = optionalAttrs (cfg.database.type == "pgsql") {
services.postgresql = mkIf pgsqlLocal {
enable = mkDefault true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.user;
ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; };
}
];
};
users = optionalAttrs (cfg.user == "tt_rss") {
users.tt_rss = {
description = "tt-rss service user";
isSystemUser = true;
group = "tt_rss";
};
groups.tt_rss = {};
users.users.tt_rss = optionalAttrs (cfg.user == "tt_rss") {
description = "tt-rss service user";
isSystemUser = true;
group = "tt_rss";
};
users.groups.tt_rss = {};
};
}