mysql: Use ensure* options, split definition up into service files.
note/reason for split: nixos submodule option names aren't standardized...
parent
627a45c070
commit
92cd95d6ce
3 changed files with 56 additions and 45 deletions
|
@ -3,34 +3,48 @@
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
mkIf (elem "gitea" config.machine.services) {
|
mkIf (elem "gitea" config.machine.services) {
|
||||||
services.gitea = let
|
services = {
|
||||||
cfg = config.machine;
|
gitea = let
|
||||||
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
|
cfg = config.machine;
|
||||||
in {
|
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
|
||||||
enable = true;
|
in {
|
||||||
user = "git";
|
enable = true;
|
||||||
cookieSecure = true;
|
|
||||||
domain = domain;
|
|
||||||
rootUrl = "http://${domain}/";
|
|
||||||
database = {
|
|
||||||
type = "mysql";
|
|
||||||
user = "git";
|
user = "git";
|
||||||
name = "gitea";
|
cookieSecure = true;
|
||||||
passwordFile = "${cfg.secretPath}/gitea_db";
|
domain = domain;
|
||||||
|
rootUrl = "http://${domain}/";
|
||||||
|
database = {
|
||||||
|
type = "mysql";
|
||||||
|
user = "git";
|
||||||
|
name = "gitea";
|
||||||
|
passwordFile = "${cfg.secretPath}/gitea_db";
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
[repository]
|
||||||
|
DISABLE_HTTP_GIT = false
|
||||||
|
USE_COMPAT_SSH_URI = true
|
||||||
|
|
||||||
|
[security]
|
||||||
|
INSTALL_LOCK = true
|
||||||
|
COOKIE_USERNAME = gitea_username
|
||||||
|
COOKIE_REMEMBER_NAME = gitea_userauth
|
||||||
|
|
||||||
|
[service]
|
||||||
|
DISABLE_REGISTRATION = true
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
|
||||||
[repository]
|
|
||||||
DISABLE_HTTP_GIT = false
|
|
||||||
USE_COMPAT_SSH_URI = true
|
|
||||||
|
|
||||||
[security]
|
mysql = let
|
||||||
INSTALL_LOCK = true
|
cfg = config.services.gitea.database;
|
||||||
COOKIE_USERNAME = gitea_username
|
in {
|
||||||
COOKIE_REMEMBER_NAME = gitea_userauth
|
ensureDatabases = [ cfg.name ];
|
||||||
|
ensureUsers = [{
|
||||||
[service]
|
name = cfg.user;
|
||||||
DISABLE_REGISTRATION = true
|
ensurePermissions = {
|
||||||
'';
|
"${cfg.name}.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.git = {
|
users.users.git = {
|
||||||
|
|
|
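Review bot: The new `mysql` block beside `gitea` creates the `git` account through `ensureUsers`, yet `database.passwordFile = "${cfg.secretPath}/gitea_db";` is still set in the same file, so it is unclear which authentication Gitea ends up using. As far as I know, the NixOS mysql module creates `ensureUsers` accounts with socket authentication and no password, so Gitea would have to connect over the local socket as the OS user `git`, and the `gitea_db` secret would no longer be used. If that is the intent, drop `passwordFile` or add a comment such as `# git authenticates via unix socket; gitea_db is no longer used`, so that a stale secret is not kept around unnoticed. This relies on `database.user` and the service `user` both staying `"git"`, which is worth stating in that comment.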
@ -2,24 +2,9 @@
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
mkIf (elem "mariaDB" config.machine.services) {
|
||||||
cfg = config.services;
|
services.mysql = rec {
|
||||||
mkInitialDatabases = servicename: if (cfg."${servicename}".enable && (cfg."${servicename}".database.type == "mysql")) then
|
|
||||||
let
|
|
||||||
password = (fileContents "${config.machine.secretPath}/${servicename}_db");
|
|
||||||
cfg = config.services."${servicename}".database;
|
|
||||||
in {
|
|
||||||
name = cfg.name;
|
|
||||||
schema = pkgs.writeText "${cfg.name}.sql" ''
|
|
||||||
create user if not exists ${cfg.user}@'localhost' identified by ${password};
|
|
||||||
grant all privileges on ${cfg.name}.* to ${cfg.user}@'localhost' identified by ${password};
|
|
||||||
'';
|
|
||||||
} else { name = ""; };
|
|
||||||
in mkIf (elem "mariaDB" config.machine.services) {
|
|
||||||
services.mysql = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.mariadb;
|
package = pkgs.mariadb;
|
||||||
initialDatabases = (map mkInitialDatabases [ "mailman3" "gitea" ]);
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
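Review bot: Removing `initialDatabases` also drops provisioning for `mailman3`, which sat next to `gitea` in the old list; the other two files in this commit add `ensure*` blocks only for gitea and nextcloud, so unless mailman3 is handled elsewhere it loses its database setup. Separately, `rec` in `services.mysql = rec {` is not needed, because neither `enable` nor `package` refers to a sibling attribute; `services.mysql = {` is enough. The removed schema interpolated the contents of `${servicename}_db` into a `pkgs.writeText` file, which lives in the world-readable Nix store, so those passwords should be treated as exposed: rotate them and garbage-collect the old store paths.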
@ -3,9 +3,9 @@
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
mkIf (elem "nextcloud" config.machine.services) {
|
mkIf (elem "nextcloud" config.machine.services) {
|
||||||
services = let
|
services = let
|
||||||
cfg = config.machine;
|
cfg = config.machine;
|
||||||
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
|
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
|
||||||
in {
|
in {
|
||||||
nextcloud = {
|
nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -47,5 +47,17 @@ mkIf (elem "nextcloud" config.machine.services) {
|
||||||
no-multicast-peers
|
no-multicast-peers
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mysql = let
|
||||||
|
cfg = config.services.nextcloud.config;
|
||||||
|
in {
|
||||||
|
ensureDatabases = [ cfg.dbname ];
|
||||||
|
ensureUsers = [{
|
||||||
|
name = cfg.dbuser;
|
||||||
|
ensurePermissions = {
|
||||||
|
"${cfg.dbname}.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
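Review bot: The added `mysql` block is unconditional, so it declares the database and user even when Nextcloud is configured for another backend, whereas the removed `mkInitialDatabases` helper checked `database.type == "mysql"` first. Changing the `in {` line of that block to `in mkIf (cfg.dbtype == "mysql") {` would keep the guard. The body of `nextcloud = { ... }` lies between the two hunks and is not visible here, so `dbtype` may already be fixed to mysql. `ensureUsers` accounts are, as far as I know, socket-authenticated, so `cfg.dbuser` has to match the OS user the Nextcloud service runs as; a one-line comment such as `# dbuser must equal the nextcloud service user (socket auth)` would record that.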