Sākums Izpētīt Palīdzība
Pierakstīties
control
/
home
1
0
Atdalīts 0
Faili
Koks: 1dd1940b17
Atzari Tagi
home
/
modules
/
nixos
/
gogs.nix

gogs.nix 6.5 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225 
  1. { config
    2. 

  2. , lib
    3. 

  3. , pkgs
    4. 

  4. , ... }:
    5. 

  5. 

  6. with lib;
    7. 

  7. 

  8. let
    9. 

  9.   cfg = config.services.gogs;
    10. 

  10. 

  11.   iniFormat = pkgs.formats.ini {};
    12. 

  12.   defaultConfig = lib.recursiveUpdate {
    13. 

  13.     server.RUN_USER = cfg.user;
    14. 

  14.     security.INSTALL_LOCK = true;
    15. 

  15.     database.TYPE = "sqlite3";
    16. 

  16.     database.PATH = "${cfg.stateDir}/data/gogs.db";
    17. 

  17.   } cfg.settings;
    18. 

  18.   configFile = iniFormat.generate "gogs.ini" defaultConfig;
    19. 

  19. 

  20.   themeVariants = {
    21. 

  21.     dark         = "kristuff.gogs.dark.min.css";
    22. 

  22.     dark-blue    = "kristuff.gogs.dark-accent-blue.min.css";
    23. 

  23.     dark-green   = "kristuff.gogs.dark-accent-green.min.css";
    24. 

  24.     dark-magenta = "kristuff.gogs.dark-accent-magenta.min.css";
    25. 

  25.     dark-orange  = "kristuff.gogs.dark-accent-orange.min.css";
    26. 

  26.     dark-red     = "kristuff.gogs.dark-accent-red.min.css";
    27. 

  27.     dark-yellow  = "kristuff.gogs.dark-accent-yellow.min.css";
    28. 

  28.   };
    29. 

  29.   themeFile = if cfg.theme == null then null
    30. 

  30.     else if builtins.hasAttr cfg.theme themeVariants
    31. 

  31.     then "${pkgs.gogs-themes}/dist/${themeVariants.${cfg.theme}}"
    32. 

  32.     else cfg.theme;
    33. 

  33.   themeSetupScript = pkgs.writeShellScript "gogs-theme-setup" ''
    34. 

  34.     mkdir -p ${cfg.stateDir}/custom/public/css ${cfg.stateDir}/custom/templates/inject
    35. 

  35.     cp -f ${themeFile} ${cfg.stateDir}/custom/public/css/theme.css
    36. 

  36.     cat > ${cfg.stateDir}/custom/templates/inject/head.tmpl << 'EOF'
    37. 

  37.     <link rel="stylesheet" href="{{AppSubURL}}/css/theme.css">
    38. 

  38.     EOF
    39. 

  39.   '';
    40. 

  40. in {
    41. 

  41.   options.services.gogs = {
    42. 

  42.     enable = lib.mkEnableOption "Gogs Git service";
    43. 

  43. 

  44.     package = lib.mkPackageOption pkgs "gogs" { };
    45. 

  45. 

  46.     user = lib.mkOption {
    47. 

  47.       type = lib.types.str;
    48. 

  48.       default = "git";
    49. 

  49.       description = "User account under which Gogs runs.";
    50. 

  50.     };
    51. 

  51. 

  52.     group = lib.mkOption {
    53. 

  53.       type = lib.types.str;
    54. 

  54.       default = "git";
    55. 

  55.       description = "Group under which Gogs runs.";
    56. 

  56.     };
    57. 

  57. 

  58.     stateDir = lib.mkOption {
    59. 

  59.       type = lib.types.str;
    60. 

  60.       default = "/var/lib/gogs";
    61. 

  61.       description = "Persistent data directory.";
    62. 

  62.     };
    63. 

  63. 

  64.     environmentFile = lib.mkOption {
    65. 

  65.       type = lib.types.nullOr lib.types.path;
    66. 

  66.       default = null;
    67. 

  67.       description = ''
    68. 

  68.         File containing environment variables to pass to the Gogs service,
    69. 

  69.         formatted as VARIABLE=VALUE per line. Values set here are merged into
    70. 

  70.         the service's environment and can be used to pass secrets (e.g.
    71. 

  71.         database passwords) without putting them in the Nix store.
    72. 

  72.       '';
    73. 

  73.     };
    74. 

  74. 

  75.     theme = lib.mkOption {
    76. 

  76.       type = lib.types.nullOr (
    77. 

  77.         lib.types.either (lib.types.enum [
    78. 

  78.           "dark"
    79. 

  79.           "dark-blue"
    80. 

  80.           "dark-green"
    81. 

  81.           "dark-magenta"
    82. 

  82.           "dark-orange"
    83. 

  83.           "dark-red"
    84. 

  84.           "dark-yellow"
    85. 

  85.         ]) lib.types.path
    86. 

  86.       );
    87. 

  87.       default = null;
    88. 

  88.       example = "dark-blue";
    89. 

  89.       description = ''
    90. 

  90.         Dark theme for Gogs. Can be:
    91. 

  91.         - A string selecting a built-in variant from pkgs.gogs-themes:
    92. 

  92.           dark, dark-blue, dark-green, dark-magenta, dark-orange, dark-red, dark-yellow.
    93. 

  93.         - A path or package pointing to a custom CSS file.
    94. 

  94.         Set to null to disable theming.
    95. 

  95.       '';
    96. 

  96.     };
    97. 

  97. 

  98.     adminUser = lib.mkOption {
    99. 

  99.       type = lib.types.nullOr (lib.types.submodule {
    100. 

  100.         options = {
    101. 

  101.           name = lib.mkOption {
    102. 

  102.             type = lib.types.str;
    103. 

  103.             description = "Admin username.";
    104. 

  104.           };
    105. 

  105.           email = lib.mkOption {
    106. 

  106.             type = lib.types.str;
    107. 

  107.             description = "Admin email address.";
    108. 

  108.           };
    109. 

  109.           passwordFile = lib.mkOption {
    110. 

  110.             type = lib.types.path;
    111. 

  111.             description = ''
    112. 

  112.               File containing the admin password. Must be readable by root.
    113. 

  113.               Recommended to use an age secret managed by agenix.
    114. 

  114.             '';
    115. 

  115.           };
    116. 

  116.         };
    117. 

  117.       });
    118. 

  118.       default = null;
    119. 

  119.       example = {
    120. 

  120.         email = "[email protected]";
    121. 

  121.         passwordFile = "/run/secrets/gogs-admin-password";
    122. 

  122.       };
    123. 

  123.       description = ''
    124. 

  124.         Admin user to create on first startup. Uses gogs admin create-user
    125. 

  125.         via ExecStartPost. Idempotent — silently skips if the user already
    126. 

  126.         exists. Set to null to skip.
    127. 

  127.       '';
    128. 

  128.     };
    129. 

  129. 

  130.     settings = lib.mkOption {
    131. 

  131.       type = iniFormat.type;
    132. 

  132.       default = { };
    133. 

  133. 

  134.       example = lib.literalExpression ''
    135. 

  135.         {
    136. 

  136.           server = {
    137. 

  137.             DOMAIN = "git.example.com";
    138. 

  138.             ROOT_URL = "https://git.example.com/";
    139. 

  139.             HTTP_PORT = 3000;
    140. 

  140.           };
    141. 

  141. 

  142.           database = {
    143. 

  143.             TYPE = "sqlite3";
    144. 

  144.             PATH = "/var/lib/gogs/data/gogs.db";
    145. 

  145.           };
    146. 

  146.         }
    147. 

  147.       '';
    148. 

  148. 

  149.       description = ''
    150. 

  150.         Settings written to app.ini.
    151. 

  151. 

  152.         See:
    153. 

  153.         https://gogs.io/docs/advanced/configuration_cheat_sheet
    154. 

  154.       '';
    155. 

  155.     };
    156. 

  156.   };
    157. 

  157. 

  158.   config = mkIf cfg.enable {
    159. 

  159. 

  160.     users.users.${cfg.user} = {
    161. 

  161.       isSystemUser = true;
    162. 

  162.       group = cfg.group;
    163. 

  163.       home = cfg.stateDir;
    164. 

  164.       createHome = true;
    165. 

  165.     };
    166. 

  166. 

  167.     users.groups.${cfg.group} = { };
    168. 

  168. 

  169.     systemd.tmpfiles.rules = [
    170. 

  170.       "d ${cfg.stateDir} 0750 ${cfg.user} ${cfg.group} -"
    171. 

  171.       "d ${cfg.stateDir}/repositories 0750 ${cfg.user} ${cfg.group} -"
    172. 

  172.       "d ${cfg.stateDir}/data 0750 ${cfg.user} ${cfg.group} -"
    173. 

  173.       "d ${cfg.stateDir}/log 0750 ${cfg.user} ${cfg.group} -"
    174. 

  174.       "d ${cfg.stateDir}/custom/public/css 0755 ${cfg.user} ${cfg.group} -"
    175. 

  175.       "d ${cfg.stateDir}/custom/templates/inject 0755 ${cfg.user} ${cfg.group} -"
    176. 

  176.     ];
    177. 

  177. 

  178.     systemd.services.gogs = {
    179. 

  179.       description = "Gogs Git Service";
    180. 

  180. 

  181.       after = [ "network.target" ];
    182. 

  182.       wantedBy = [ "multi-user.target" ];
    183. 

  183. 

  184.       environment = {
    185. 

  185.         GOGS_WORK_DIR = cfg.stateDir;
    186. 

  186.         GOGS_CUSTOM = "${cfg.stateDir}/custom";
    187. 

  187.       };
    188. 

  188. 

  189.       serviceConfig = {
    190. 

  190.         Type = "simple";
    191. 

  191. 

  192.         User = cfg.user;
    193. 

  193.         Group = cfg.group;
    194. 

  194.         EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
    195. 

  195. 

  196.         StateDirectory = "gogs";
    197. 

  197.         StateDirectoryMode = "0750";
    198. 

  198.         WorkingDirectory = cfg.stateDir;
    199. 

  199. 

  200.         ExecStart =
    201. 

  201.           "${getExe cfg.package} web --config ${configFile}";
    202. 

  202.         ExecStartPre = lib.mkIf (themeFile != null) [
    203. 

  203.           "+${themeSetupScript}"
    204. 

  204.         ];
    205. 

  205. 

  206.         Restart = "on-failure";
    207. 

  207. 

  208.         NoNewPrivileges = true;
    209. 

  209.         PrivateTmp = true;
    210. 

  210.         ProtectSystem = "strict";
    211. 

  211.         ProtectHome = true;
    212. 

  212.       };
    213. 

  213. 

  214.       postStart = lib.mkIf (cfg.adminUser != null) ''
    215. 

  215.         ${lib.getExe cfg.package} admin create-user \
    216. 

  216.           --name ${lib.escapeShellArg cfg.adminUser.name} \
    217. 

  217.           --password "$(cat ${cfg.adminUser.passwordFile})" \
    218. 

  218.           --email ${lib.escapeShellArg cfg.adminUser.email} \
    219. 

  219.           --admin \
    220. 

  220.           --config ${configFile} \
    221. 

  221.           >/dev/null 2>&1 || true
    222. 

  222.       '';
    223. 

  223.     };
    224. 

  224.   };
    225. 

  225. }
    226.