refactor(ops/cgit): make user configurable
on whitby, cgit runs as the gerrit user to get access to serving gerrit's repositories directly. on other machines (e.g. sanduny) this isn't necessary, as we have a world-readable depot replica. Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
This commit is contained in:
parent
39d589b84b
commit
fcfd097e65
2 changed files with 24 additions and 4 deletions
|
@ -413,7 +413,11 @@ in
|
|||
nixery.enable = true;
|
||||
|
||||
# Run cgit & josh to serve git
|
||||
cgit.enable = true;
|
||||
cgit = {
|
||||
enable = true;
|
||||
user = "git"; # run as the same user as gerrit
|
||||
};
|
||||
|
||||
josh.enable = true;
|
||||
|
||||
# Configure backups to GleSYS
|
||||
|
|
|
@ -3,6 +3,14 @@
|
|||
|
||||
let
|
||||
cfg = config.services.depot.cgit;
|
||||
|
||||
userConfig =
|
||||
if builtins.isNull cfg.user then {
|
||||
DynamicUser = true;
|
||||
} else {
|
||||
User = cfg.user;
|
||||
Group = cfg.user;
|
||||
};
|
||||
in
|
||||
{
|
||||
options.services.depot.cgit = with lib; {
|
||||
|
@ -19,6 +27,16 @@ in
|
|||
type = types.str;
|
||||
default = "/var/lib/gerrit/git/depot.git/";
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
description = ''
|
||||
User to use for the cgit service. It is expected that this is
|
||||
also the name of the user's primary group.
|
||||
'';
|
||||
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
@ -27,13 +45,11 @@ in
|
|||
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
User = "git";
|
||||
Group = "git";
|
||||
|
||||
ExecStart = depot.web.cgit-tvl.override {
|
||||
inherit (cfg) port repo;
|
||||
};
|
||||
};
|
||||
} // userConfig;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue