mysql: Use ensure* options, split definition up into service files.
note/reason for split: nixos submodule option names aren't standardized...
parent
627a45c070
commit
92cd95d6ce
3 changed files with 56 additions and 45 deletions
|
@ -3,34 +3,48 @@
|
|||
with lib;
|
||||
|
||||
mkIf (elem "gitea" config.machine.services) {
|
||||
services.gitea = let
|
||||
cfg = config.machine;
|
||||
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
|
||||
in {
|
||||
enable = true;
|
||||
user = "git";
|
||||
cookieSecure = true;
|
||||
domain = domain;
|
||||
rootUrl = "http://${domain}/";
|
||||
database = {
|
||||
type = "mysql";
|
||||
services = {
|
||||
gitea = let
|
||||
cfg = config.machine;
|
||||
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
|
||||
in {
|
||||
enable = true;
|
||||
user = "git";
|
||||
name = "gitea";
|
||||
passwordFile = "${cfg.secretPath}/gitea_db";
|
||||
cookieSecure = true;
|
||||
domain = domain;
|
||||
rootUrl = "http://${domain}/";
|
||||
database = {
|
||||
type = "mysql";
|
||||
user = "git";
|
||||
name = "gitea";
|
||||
passwordFile = "${cfg.secretPath}/gitea_db";
|
||||
};
|
||||
extraConfig = ''
|
||||
[repository]
|
||||
DISABLE_HTTP_GIT = false
|
||||
USE_COMPAT_SSH_URI = true
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
COOKIE_USERNAME = gitea_username
|
||||
COOKIE_REMEMBER_NAME = gitea_userauth
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = true
|
||||
'';
|
||||
};
|
||||
extraConfig = ''
|
||||
[repository]
|
||||
DISABLE_HTTP_GIT = false
|
||||
USE_COMPAT_SSH_URI = true
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
COOKIE_USERNAME = gitea_username
|
||||
COOKIE_REMEMBER_NAME = gitea_userauth
|
||||
|
||||
[service]
|
||||
DISABLE_REGISTRATION = true
|
||||
'';
|
||||
mysql = let
|
||||
cfg = config.services.gitea.database;
|
||||
in {
|
||||
ensureDatabases = [ cfg.name ];
|
||||
ensureUsers = [{
|
||||
name = cfg.user;
|
||||
ensurePermissions = {
|
||||
"${cfg.name}.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
users.users.git = {
|
||||
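Review bot: The `ensureUsers` entry in the new `mysql` block provisions the database account without a password, while `services.gitea.database` still sets `passwordFile = "${cfg.secretPath}/gitea_db"`. As far as I know, the NixOS MariaDB module creates `ensureUsers` accounts with unix_socket authentication, so on a fresh host the password in that file is never installed and a password login over TCP would be rejected. Gitea would then have to connect through the local socket as unix user `git`, e.g. `socket = "/run/mysqld/mysqld.sock";` in `database`, if the module version in use has that option. Hosts provisioned by the old `initialDatabases` schema keep their password-authenticated account, so old and new hosts authenticate differently; a comment above `ensureUsers` should say which is intended. Separately, `cookieSecure = true` next to `rootUrl = "http://${domain}/"` only works if TLS is terminated in front of Gitea, so confirm that or switch the URL to https.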
|
|
|
@ -2,24 +2,9 @@
|
|||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services;
|
||||
mkInitialDatabases = servicename: if (cfg."${servicename}".enable && (cfg."${servicename}".database.type == "mysql")) then
|
||||
let
|
||||
password = (fileContents "${config.machine.secretPath}/${servicename}_db");
|
||||
cfg = config.services."${servicename}".database;
|
||||
in {
|
||||
name = cfg.name;
|
||||
schema = pkgs.writeText "${cfg.name}.sql" ''
|
||||
create user if not exists ${cfg.user}@'localhost' identified by ${password};
|
||||
grant all privileges on ${cfg.name}.* to ${cfg.user}@'localhost' identified by ${password};
|
||||
'';
|
||||
} else { name = ""; };
|
||||
in mkIf (elem "mariaDB" config.machine.services) {
|
||||
services.mysql = {
|
||||
mkIf (elem "mariaDB" config.machine.services) {
|
||||
services.mysql = rec {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
initialDatabases = (map mkInitialDatabases [ "mailman3" "gitea" ]);
|
||||
};
|
||||
}
|
||||
|
||||
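Review bot: The removed `mkInitialDatabases` helper read each enabled service's password with `fileContents` and rendered it into a `pkgs.writeText` schema file, so hosts built from earlier revisions have those database passwords in the world-readable Nix store. Dropping the code does not remove the existing store paths, so the passwords should be rotated and the old generations garbage-collected. The old list also covered `"mailman3"`, and none of the hunks shown on this page adds an `ensureDatabases`/`ensureUsers` replacement for it, so confirm that its database is still provisioned somewhere. `rec` on `services.mysql = rec {` looks unnecessary, since no attribute in the set refers to another; plain `services.mysql = {` would do.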
|
|
|
@ -3,9 +3,9 @@
|
|||
with lib;
|
||||
|
||||
mkIf (elem "nextcloud" config.machine.services) {
|
||||
services = let
|
||||
cfg = config.machine;
|
||||
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
|
||||
services = let
|
||||
cfg = config.machine;
|
||||
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
|
||||
in {
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
|
@ -47,5 +47,17 @@ mkIf (elem "nextcloud" config.machine.services) {
|
|||
no-multicast-peers
|
||||
'';
|
||||
};
|
||||
|
||||
mysql = let
|
||||
cfg = config.services.nextcloud.config;
|
||||
in {
|
||||
ensureDatabases = [ cfg.dbname ];
|
||||
ensureUsers = [{
|
||||
name = cfg.dbuser;
|
||||
ensurePermissions = {
|
||||
"${cfg.dbname}.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
||||
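Review bot: `name = cfg.dbuser` in the new `mysql` block ties the database account to whatever `services.nextcloud.config.dbuser` is, and accounts created through `ensureUsers` carry no password (unix_socket authentication on MariaDB, as far as I know). That only works if `dbuser` equals the unix user Nextcloud's PHP pool runs as and `dbhost` points at the local socket, e.g. `dbhost = "localhost:/run/mysqld/mysqld.sock";`. The `nextcloud.config` block lies outside this hunk, so neither can be confirmed from here. If a `dbpassFile` is still set there, it is no longer what protects the account; a short comment above `ensureUsers` stating that socket authentication is intended would make this explicit.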
|
|