pyrox.dev / nixpkgs
lol
fork atom

sourcehut: use systemd.tmpfiles instead of manually creating logfiles

Signed-off-by: Christoph Heiss <christoph@c8h4.io>

Christoph Heiss acd21dad 79dc7c3c

options
unified split
Changed files
+12 -12
nixos
modules
services
misc
sourcehut
default.nix
+12 -12
nixos/modules/services/misc/sourcehut/default.nix 
···

       
793

       
 

       
          ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@"


     

       
794

       
 

       
        '';


     

       
795

       
 

       
      };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
796

       
 

       
      systemd.services.sshd = {


     

       
797

       
-

       
        preStart = concatStringsSep "\n" (


     

       
798

       
-

       
          optionals cfg.git.enable (map (n: ''


     

       
799

       
-

       
            touch /var/log/sourcehut/gitsrht-${n} # create if it does not exist yet


     

       
800

       
-

       
            chown --silent ${cfg.git.user}:${cfg.git.group} /var/log/sourcehut/gitsrht-${n} || true


     

       
801

       
-

       
          '') [


     

       
802

       
-

       
            "keys"


     

       
803

       
-

       
            "shell"


     

       
804

       
-

       
            "update-hook"


     

       
805

       
-

       
          ]) ++


     

       
806

       
-

       
          optional cfg.hg.enable [


     

       
807

       
-

       
            "chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys"


     

       
808

       
-

       
          ]);


     

       
809

       
 

       
        serviceConfig = {


     

       
810

       
 

       
          LogsDirectory = "sourcehut";


     

       
811

       
 

       
          BindReadOnlyPaths =


     
···

       
793

       
 

       
          ${pkgs.sourcehut.gitsrht}/bin/gitsrht-dispatch "$@"


     

       
794

       
 

       
        '';


     

       
795

       
 

       
      };


     

       
796

       
+

       
      systemd.tmpfiles.settings."10-sourcehut-gitsrht" = mkIf cfg.git.enable (


     

       
797

       
+

       
        builtins.listToAttrs (map (name: {


     

       
798

       
+

       
          name = "/var/log/sourcehut/gitsrht-${name}";


     

       
799

       
+

       
          value.f = {


     

       
800

       
+

       
            inherit (cfg.git) user group;


     

       
801

       
+

       
            mode = "0644";


     

       
802

       
+

       
          };


     

       
803

       
+

       
        }) [ "keys" "shell" "update-hook" ])


     

       
804

       
+

       
      );


     

       
805

       
 

       
      systemd.services.sshd = {


     

       
806

       
+

       
        preStart = mkIf cfg.hg.enable ''


     

       
807

       
+

       
          chown ${cfg.hg.user}:${cfg.hg.group} /var/log/sourcehut/hgsrht-keys


     

       
808

       
+

       
        '';


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
809

       
 

       
        serviceConfig = {


     

       
810

       
 

       
          LogsDirectory = "sourcehut";


     

       
811

       
 

       
          BindReadOnlyPaths =