Strona główna Odkrywaj Pomoc
Zaloguj się
control
/
home
1
0
Forkuj 0
Pliki
Drzewo: 0c502fa50c
Gałęzie Tagi
home
/
modules
/
nixos
/
gogs.nix

gogs.nix 2.9 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125 
  1. {
    2. 

  2.   config,
    3. 

  3.   lib,
    4. 

  4.   pkgs,
    5. 

  5.   ...
    6. 

  6. }:
    7. 

  7. 

  8. let
    9. 

  9.   cfg = config.services.gogs;
    10. 

  10.   iniFormat = pkgs.formats.ini { };
    11. 

  11.   configFile = iniFormat.generate "gogs.ini" cfg.settings;
    12. 

  12. in
    13. 

  13. {
    14. 

  14.   options.services.gogs = {
    15. 

  15.     enable = lib.mkEnableOption "Gogs Git service";
    16. 

  16. 

  17.     package = lib.mkPackageOption pkgs "gogs" { };
    18. 

  18. 

  19.     user = lib.mkOption {
    20. 

  20.       type = lib.types.str;
    21. 

  21.       default = "gogs";
    22. 

  22.       description = "User account under which Gogs runs.";
    23. 

  23.     };
    24. 

  24. 

  25.     group = lib.mkOption {
    26. 

  26.       type = lib.types.str;
    27. 

  27.       default = "gogs";
    28. 

  28.       description = "Group under which Gogs runs.";
    29. 

  29.     };
    30. 

  30. 

  31.     stateDir = lib.mkOption {
    32. 

  32.       type = lib.types.str;
    33. 

  33.       default = "/var/lib/gogs";
    34. 

  34.       description = "Persistent data directory.";
    35. 

  35.     };
    36. 

  36. 

  37.     environmentFile = lib.mkOption {
    38. 

  38.       type = lib.types.nullOr lib.types.path;
    39. 

  39.       default = null;
    40. 

  40.       description = ''
    41. 

  41.         File containing environment variables to pass to the Gogs service,
    42. 

  42.         formatted as VARIABLE=VALUE per line. Values set here are merged into
    43. 

  43.         the service's environment and can be used to pass secrets (e.g.
    44. 

  44.         database passwords) without putting them in the Nix store.
    45. 

  45.       '';
    46. 

  46.     };
    47. 

  47. 

  48.     settings = lib.mkOption {
    49. 

  49.       type = iniFormat.type;
    50. 

  50.       default = { };
    51. 

  51. 

  52.       example = lib.literalExpression ''
    53. 

  53.         {
    54. 

  54.           server = {
    55. 

  55.             DOMAIN = "git.example.com";
    56. 

  56.             ROOT_URL = "https://git.example.com/";
    57. 

  57.             HTTP_PORT = 3000;
    58. 

  58.           };
    59. 

  59. 

  60.           database = {
    61. 

  61.             TYPE = "sqlite3";
    62. 

  62.             PATH = "/var/lib/gogs/data/gogs.db";
    63. 

  63.           };
    64. 

  64.         }
    65. 

  65.       '';
    66. 

  66. 

  67.       description = ''
    68. 

  68.         Settings written to app.ini.
    69. 

  69. 

  70.         See:
    71. 

  71.         https://gogs.io/docs/advanced/configuration_cheat_sheet
    72. 

  72.       '';
    73. 

  73.     };
    74. 

  74.   };
    75. 

  75. 

  76.   config = lib.mkIf cfg.enable {
    77. 

  77. 

  78.     users.users.${cfg.user} = {
    79. 

  79.       isSystemUser = true;
    80. 

  80.       group = cfg.group;
    81. 

  81.       home = cfg.stateDir;
    82. 

  82.       createHome = true;
    83. 

  83.     };
    84. 

  84. 

  85.     users.groups.${cfg.group} = { };
    86. 

  86. 

  87.     systemd.tmpfiles.rules = [
    88. 

  88.       "d ${cfg.stateDir} 0750 ${cfg.user} ${cfg.group} -"
    89. 

  89.       "d ${cfg.stateDir}/repositories 0750 ${cfg.user} ${cfg.group} -"
    90. 

  90.       "d ${cfg.stateDir}/data 0750 ${cfg.user} ${cfg.group} -"
    91. 

  91.       "d ${cfg.stateDir}/log 0750 ${cfg.user} ${cfg.group} -"
    92. 

  92.     ];
    93. 

  93. 

  94.     systemd.services.gogs = {
    95. 

  95.       description = "Gogs Git Service";
    96. 

  96. 

  97.       after = [ "network.target" ];
    98. 

  98.       wantedBy = [ "multi-user.target" ];
    99. 

  99. 

  100.       serviceConfig = {
    101. 

  101.         Type = "simple";
    102. 

  102. 

  103.         User = cfg.user;
    104. 

  104.         Group = cfg.group;
    105. 

  105. 

  106.         WorkingDirectory = cfg.stateDir;
    107. 

  107. 

  108.         ExecStart = "${lib.getExe cfg.package} web --config ${configFile}";
    109. 

  109. 

  110.         Restart = "on-failure";
    111. 

  111. 

  112.         EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
    113. 

  113. 

  114.         NoNewPrivileges = true;
    115. 

  115.         PrivateTmp = true;
    116. 

  116.         ProtectSystem = "strict";
    117. 

  117.         ProtectHome = true;
    118. 

  118. 

  119.         ReadWritePaths = [
    120. 

  120.           cfg.stateDir
    121. 

  121.         ];
    122. 

  122.       };
    123. 

  123.     };
    124. 

  124.   };
    125. 

  125. }
    126.