
mysql: Use ensure* options, split definition up into service files.

note/reason for split: nixos submodule option names aren't standardized...
Kevin Baensch 2019-12-19 09:36:54 +01:00
parent 627a45c070
commit 92cd95d6ce
Signed by: derped
GPG key ID: C0F1D326C7626543
3 changed files with 56 additions and 45 deletions


@ -3,34 +3,48 @@
with lib;
mkIf (elem "gitea" config.machine.services) {
services.gitea = let
cfg = config.machine;
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
in {
enable = true;
user = "git";
cookieSecure = true;
domain = domain;
rootUrl = "http://${domain}/";
database = {
type = "mysql";
services = {
gitea = let
cfg = config.machine;
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
in {
enable = true;
user = "git";
name = "gitea";
passwordFile = "${cfg.secretPath}/gitea_db";
cookieSecure = true;
domain = domain;
rootUrl = "http://${domain}/";
database = {
type = "mysql";
user = "git";
name = "gitea";
passwordFile = "${cfg.secretPath}/gitea_db";
};
extraConfig = ''
[repository]
DISABLE_HTTP_GIT = false
USE_COMPAT_SSH_URI = true
[security]
INSTALL_LOCK = true
COOKIE_USERNAME = gitea_username
COOKIE_REMEMBER_NAME = gitea_userauth
[service]
DISABLE_REGISTRATION = true
'';
};
extraConfig = ''
[repository]
DISABLE_HTTP_GIT = false
USE_COMPAT_SSH_URI = true
[security]
INSTALL_LOCK = true
COOKIE_USERNAME = gitea_username
COOKIE_REMEMBER_NAME = gitea_userauth
[service]
DISABLE_REGISTRATION = true
'';
mysql = let
cfg = config.services.gitea.database;
in {
ensureDatabases = [ cfg.name ];
ensureUsers = [{
name = cfg.user;
ensurePermissions = {
"${cfg.name}.*" = "ALL PRIVILEGES";
};
}];
};
};
users.users.git = {
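Review bot: The account that `ensureUsers` creates in the new `mysql` block is identified by Unix socket authentication, so the `passwordFile = "${cfg.secretPath}/gitea_db";` kept in `database` is not what protects the `git` MySQL account. Access now depends on the local `git` system user matching `cfg.user`, and a TCP connection from gitea would be rejected; the hunk shows no `host` or `socket` setting, so confirm gitea connects over the socket, for example with `socket = "/run/mysqld/mysqld.sock";` in `database` if the gitea module in use offers that option. I would also add `# ensureUsers accounts authenticate via unix socket; passwordFile is not applied to them` above `ensureUsers`. The same applies to the `mysql` block added for nextcloud (`cfg.dbuser`), where the user and host values are outside the hunk. The enclosing `mkIf` attrset continues past the last line shown.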


@ -2,24 +2,9 @@
with lib;
let
cfg = config.services;
mkInitialDatabases = servicename: if (cfg."${servicename}".enable && (cfg."${servicename}".database.type == "mysql")) then
let
password = (fileContents "${config.machine.secretPath}/${servicename}_db");
cfg = config.services."${servicename}".database;
in {
name = cfg.name;
schema = pkgs.writeText "${cfg.name}.sql" ''
create user if not exists ${cfg.user}@'localhost' identified by ${password};
grant all privileges on ${cfg.name}.* to ${cfg.user}@'localhost' identified by ${password};
'';
} else { name = ""; };
in mkIf (elem "mariaDB" config.machine.services) {
services.mysql = {
mkIf (elem "mariaDB" config.machine.services) {
services.mysql = rec {
enable = true;
package = pkgs.mariadb;
initialDatabases = (map mkInitialDatabases [ "mailman3" "gitea" ]);
};
}
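Review bot: `mailman3` was in the old `initialDatabases` list, but none of the three files in this commit adds `ensureDatabases`/`ensureUsers` for it, so its database and user appear to be no longer provisioned unless that happens in a file not shown here. The `rec` in `services.mysql = rec {` is unused, since `enable` and `package` do not refer to each other; plain `services.mysql = {` reads better. Because the removed helper wrote the database passwords into a `pkgs.writeText` file, the old `.sql` paths remain in the world-readable Nix store until they are garbage-collected, so the passwords under `secretPath` are worth rotating.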


@ -3,9 +3,9 @@
with lib;
mkIf (elem "nextcloud" config.machine.services) {
services = let
cfg = config.machine;
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
services = let
cfg = config.machine;
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
in {
nextcloud = {
enable = true;
@ -47,5 +47,17 @@ mkIf (elem "nextcloud" config.machine.services) {
no-multicast-peers
'';
};
mysql = let
cfg = config.services.nextcloud.config;
in {
ensureDatabases = [ cfg.dbname ];
ensureUsers = [{
name = cfg.dbuser;
ensurePermissions = {
"${cfg.dbname}.*" = "ALL PRIVILEGES";
};
}];
};
};
}
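Review bot: The `cfg` bound in the new `mysql = let … in` block appears to shadow the outer `cfg = config.machine` of the enclosing `services = let`, so the same name means two different things within one attrset. Renaming the inner binding, e.g. `dbCfg = config.services.nextcloud.config;` with `dbCfg.dbname` and `dbCfg.dbuser` below it, would avoid misreading which config a later edit refers to. The `services` attrset begins outside this hunk, so this is based on the first hunk of the section.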