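# NixOS module for Gogs (Go Git Service).
#
# Declares the `services.gogs.*` options, renders an app.ini template into the
# Nix store, and defines a systemd unit whose preStart script copies that
# template into the state directory and substitutes the two secrets
# (#secretkey# and #dbpass#) at service start, so the secrets themselves are
# not part of the store copy of app.ini.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.gogs;

  # Template only: PASSWD and SECRET_KEY hold placeholders that preStart
  # replaces in the runtime copy. Everything else interpolated here, including
  # extraConfig, ends up in the Nix store.
  configFile = pkgs.writeText "app.ini" ''
    APP_NAME = ${cfg.appName}
    RUN_USER = ${cfg.user}
    RUN_MODE = prod

    [database]
    DB_TYPE = ${cfg.database.type}
    HOST = ${cfg.database.host}:${toString cfg.database.port}
    NAME = ${cfg.database.name}
    USER = ${cfg.database.user}
    PASSWD = #dbpass#
    PATH = ${cfg.database.path}

    [repository]
    ROOT = ${cfg.repositoryRoot}

    [server]
    DOMAIN = ${cfg.domain}
    HTTP_ADDR = ${cfg.httpAddress}
    HTTP_PORT = ${toString cfg.httpPort}
    ROOT_URL = ${cfg.rootUrl}

    [session]
    COOKIE_NAME = session
    COOKIE_SECURE = ${boolToString cfg.cookieSecure}

    [security]
    SECRET_KEY = #secretkey#
    INSTALL_LOCK = true

    [log]
    ROOT_PATH = ${cfg.stateDir}/log

    ${cfg.extraConfig}
  '';
in

{
  options = {
    services.gogs = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = "Enable Go Git Service.";
      };

      # When true, preStart skips generating app.ini, so the INSTALL_LOCK and
      # SECRET_KEY handling of this module is not applied.
      # NOTE(review): presumably the instance should not be reachable from
      # untrusted networks until the wizard has been completed; confirm.
      useWizard = mkOption {
        default = false;
        type = types.bool;
        description = "Do not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator.";
      };

      stateDir = mkOption {
        default = "/var/lib/gogs";
        type = types.str;
        description = "Gogs data directory.";
      };

      user = mkOption {
        type = types.str;
        default = "gogs";
        description = "User account under which Gogs runs.";
      };

      group = mkOption {
        type = types.str;
        default = "gogs";
        description = "Group account under which Gogs runs.";
      };

      database = {
        type = mkOption {
          type = types.enum [ "sqlite3" "mysql" "postgres" ];
          example = "mysql";
          default = "sqlite3";
          description = "Database engine to use.";
        };

        host = mkOption {
          type = types.str;
          default = "127.0.0.1";
          description = "Database host address.";
        };

        port = mkOption {
          type = types.int;
          default = 3306;
          description = "Database host port.";
        };

        name = mkOption {
          type = types.str;
          default = "gogs";
          description = "Database name.";
        };

        user = mkOption {
          type = types.str;
          default = "gogs";
          description = "Database user.";
        };

        # Kept for compatibility; a non-empty value triggers the warning
        # defined under `config.warnings` below.
        password = mkOption {
          type = types.str;
          default = "";
          description = ''
            The password corresponding to <option>database.user</option>.
            Warning: this is stored in cleartext in the Nix store!
            Use <option>database.passwordFile</option> instead.
          '';
        };

        # Read at service start by preStart (first line only), running as the
        # service user, so that user must be able to read the file.
        passwordFile = mkOption {
          type = types.nullOr types.path;
          default = null;
          example = "/run/keys/gogs-dbpassword";
          description = ''
            A file containing the password corresponding to
            <option>database.user</option>.
          '';
        };

        path = mkOption {
          type = types.str;
          default = "${cfg.stateDir}/data/gogs.db";
          description = "Path to the sqlite3 database file.";
        };
      };

      appName = mkOption {
        type = types.str;
        default = "Gogs: Go Git Service";
        description = "Application name.";
      };

      repositoryRoot = mkOption {
        type = types.str;
        default = "${cfg.stateDir}/repositories";
        description = "Path to the git repositories.";
      };

      domain = mkOption {
        type = types.str;
        default = "localhost";
        description = "Domain name of your server.";
      };

      rootUrl = mkOption {
        type = types.str;
        default = "http://localhost:3000/";
        description = "Full public URL of Gogs server.";
      };

      # The default binds every interface over plain HTTP. Set a loopback
      # address here when Gogs sits behind a TLS-terminating reverse proxy.
      httpAddress = mkOption {
        type = types.str;
        default = "0.0.0.0";
        description = "HTTP listen address.";
      };

      httpPort = mkOption {
        type = types.int;
        default = 3000;
        description = "HTTP listen port.";
      };

      # Off by default; with HTTPS in front, enabling it keeps the session
      # cookie from being sent over plain HTTP.
      cookieSecure = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Marks session cookies as "secure" as a hint for browsers to only send
          them via HTTPS. This option is recommend, if Gogs is being served over HTTPS.
        '';
      };

      # Interpolated verbatim into the store copy of app.ini: do not place
      # secrets (SMTP passwords, OAuth client secrets, ...) in this option.
      extraConfig = mkOption {
        type = types.str;
        default = "";
        description = "Configuration lines appended to the generated Gogs configuration file.";
      };
    };
  };

  config = mkIf cfg.enable {

    systemd.services.gogs = {
      description = "Gogs (Go Git Service)";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.gogs ];

      preStart = let
        runConfig = "${cfg.stateDir}/custom/conf/app.ini";
        secretKey = "${cfg.stateDir}/custom/conf/secret_key";
      in ''
        mkdir -p ${cfg.stateDir}

        # copy custom configuration and generate a random secret key if needed
        ${optionalString (!cfg.useWizard) ''
          mkdir -p ${cfg.stateDir}/custom/conf

          # Handle secret material under a restrictive umask, in a subshell so
          # the umask does not leak into the rest of the script. Without it
          # app.ini and secret_key are created with the default umask and stay
          # readable by other users until the final chmod.
          (
            umask 077
            cp -f ${configFile} ${runConfig}

            if [ ! -e ${secretKey} ]; then
                head -c 16 /dev/urandom | base64 > ${secretKey}
            fi

            KEY=$(head -n1 ${secretKey})
            DBPASS=$(head -n1 ${cfg.database.passwordFile})
            # Escape backslash, the "," delimiter and "&" so that a password
            # containing them is inserted literally instead of corrupting the
            # substitution. KEY is base64 and contains none of them.
            DBPASS=$(printf '%s\n' "$DBPASS" | sed -e 's/[\\,&]/\\&/g')
            # NOTE(review): both values are passed to sed as arguments and may
            # be briefly visible to local users in the process list.
            sed -e "s,#secretkey#,$KEY,g" \
                -e "s,#dbpass#,$DBPASS,g" \
                -i ${runConfig}
            chmod 440 ${runConfig} ${secretKey}
          )
        ''}

        mkdir -p ${cfg.repositoryRoot}
        # update all hooks' binary paths
        # (HOOKS is expanded unquoted on purpose: one word per hook file, so
        # paths containing whitespace are not supported here)
        HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 4 -type f -wholename "*git/hooks/*")
        if [ "$HOOKS" ]
        then
          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gogs,${pkgs.gogs}/bin/gogs,g' $HOOKS
          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/env,${pkgs.coreutils}/bin/env,g' $HOOKS
          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/bash,${pkgs.bash}/bin/bash,g' $HOOKS
          sed -ri 's,/nix/store/[a-z0-9.-]+/bin/perl,${pkgs.perl}/bin/perl,g' $HOOKS
        fi
      '';

      # NOTE(review): no systemd sandboxing options are set on this unit;
      # consider adding hardening once verified against git hooks and SSH use.
      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        Group = cfg.group;
        WorkingDirectory = cfg.stateDir;
        ExecStart = "${pkgs.gogs}/bin/gogs web";
        Restart = "always";
      };

      environment = {
        USER = cfg.user;
        HOME = cfg.stateDir;
        GOGS_WORK_DIR = cfg.stateDir;
      };
    };

    # The account and group are only declared for the default user name; a
    # custom `user` must be provisioned elsewhere in the configuration.
    users = mkIf (cfg.user == "gogs") {
      users.gogs = {
        description = "Go Git Service";
        uid = config.ids.uids.gogs;
        group = "gogs";
        home = cfg.stateDir;
        createHome = true;
        shell = pkgs.bash;
      };
      groups.gogs.gid = config.ids.gids.gogs;
    };

    warnings = optional (cfg.database.password != "")
      ''config.services.gogs.database.password will be stored as plaintext
        in the Nix store. Use database.passwordFile instead.'';

    # Create database passwordFile default when password is configured.
    # This fallback writes `database.password` (possibly empty) to a file in
    # the Nix store, which is why the warning above exists; an explicitly set
    # passwordFile overrides it because this value is only an mkDefault.
    services.gogs.database.passwordFile =
      (mkDefault (toString (pkgs.writeTextFile {
        name = "gogs-database-password";
        text = cfg.database.password;
      })));
  };
}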