krebs.git.cgit.fcgiwrap: make user configurable
This commit is contained in:
parent
f90f8dc000
commit
922389ef20
@ -25,6 +25,21 @@ let
|
|||||||
type = types.submodule {
|
type = types.submodule {
|
||||||
options = {
|
options = {
|
||||||
enable = mkEnableOption "krebs.git.cgit" // { default = true; };
|
enable = mkEnableOption "krebs.git.cgit" // { default = true; };
|
||||||
|
fcgiwrap = {
|
||||||
|
group = mkOption {
|
||||||
|
type = types.group;
|
||||||
|
default = {
|
||||||
|
name = "fcgiwrap";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.user;
|
||||||
|
default = {
|
||||||
|
name = "fcgiwrap";
|
||||||
|
home = toString pkgs.empty;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
apply = flip removeAttrs ["_module"];
|
apply = flip removeAttrs ["_module"];
|
||||||
default = {};
|
default = {};
|
||||||
@ -324,19 +339,20 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
cgit-imp = {
|
cgit-imp = {
|
||||||
users.extraUsers = lib.singleton {
|
users = {
|
||||||
inherit (fcgitwrap-user) group name uid;
|
groups.${cfg.cgit.fcgiwrap.group.name} = {
|
||||||
home = toString (pkgs.runCommand "empty" {} "mkdir -p $out");
|
inherit (cfg.cgit.fcgiwrap.group) name gid;
|
||||||
};
|
};
|
||||||
|
users.${cfg.cgit.fcgiwrap.user.name} = {
|
||||||
users.extraGroups = lib.singleton {
|
inherit (cfg.cgit.fcgiwrap.user) home name uid;
|
||||||
inherit (fcgitwrap-group) gid name;
|
group = cfg.cgit.fcgiwrap.group.name;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.fcgiwrap = {
|
services.fcgiwrap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = fcgitwrap-user.name;
|
user = cfg.cgit.fcgiwrap.user.name;
|
||||||
group = fcgitwrap-user.group;
|
group = cfg.cgit.fcgiwrap.group.name;
|
||||||
# socketAddress = "/run/fcgiwrap.sock" (default)
|
# socketAddress = "/run/fcgiwrap.sock" (default)
|
||||||
# socketType = "unix" (default)
|
# socketType = "unix" (default)
|
||||||
};
|
};
|
||||||
@ -368,7 +384,7 @@ let
|
|||||||
|
|
||||||
system.activationScripts.cgit = ''
|
system.activationScripts.cgit = ''
|
||||||
mkdir -m 0700 -p ${cfg.cgit.settings.cache-root}
|
mkdir -m 0700 -p ${cfg.cgit.settings.cache-root}
|
||||||
chown ${toString fcgitwrap-user.uid}:${toString fcgitwrap-group.gid} ${cfg.cgit.settings.cache-root}
|
chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
krebs.nginx = {
|
krebs.nginx = {
|
||||||
@ -396,17 +412,6 @@ let
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
fcgitwrap-user = rec {
|
|
||||||
name = "fcgiwrap";
|
|
||||||
uid = genid name;
|
|
||||||
group = "fcgiwrap";
|
|
||||||
};
|
|
||||||
|
|
||||||
fcgitwrap-group = {
|
|
||||||
name = fcgitwrap-user.name;
|
|
||||||
gid = fcgitwrap-user.uid;
|
|
||||||
};
|
|
||||||
|
|
||||||
getName = x: x.name;
|
getName = x: x.name;
|
||||||
|
|
||||||
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
|
isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix
|
||||||
|
Loading…
Reference in New Issue
Block a user