refactor(ops/cgit): make user configurable
on whitby, cgit runs as the gerrit user to get access to serving gerrit's repositories directly. on other machines (e.g. sanduny) this isn't necessary, as we have a world-readable depot replica. Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
This commit is contained in:
		
							parent
							
								
									39d589b84b
								
							
						
					
					
						commit
						fcfd097e65
					
				
					 2 changed files with 24 additions and 4 deletions
				
			
		|  | @ -3,6 +3,14 @@ | |||
| 
 | ||||
| let | ||||
|   cfg = config.services.depot.cgit; | ||||
| 
 | ||||
|   userConfig = | ||||
|     if builtins.isNull cfg.user then { | ||||
|       DynamicUser = true; | ||||
|     } else { | ||||
|       User = cfg.user; | ||||
|       Group = cfg.user; | ||||
|     }; | ||||
| in | ||||
| { | ||||
|   options.services.depot.cgit = with lib; { | ||||
|  | @ -19,6 +27,16 @@ in | |||
|       type = types.str; | ||||
|       default = "/var/lib/gerrit/git/depot.git/"; | ||||
|     }; | ||||
| 
 | ||||
|     user = mkOption { | ||||
|       description = '' | ||||
|         User to use for the cgit service. It is expected that this is | ||||
|         also the name of the user's primary group. | ||||
|       ''; | ||||
| 
 | ||||
|       type = with types; nullOr str; | ||||
|       default = null; | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   config = lib.mkIf cfg.enable { | ||||
|  | @ -27,13 +45,11 @@ in | |||
| 
 | ||||
|       serviceConfig = { | ||||
|         Restart = "on-failure"; | ||||
|         User = "git"; | ||||
|         Group = "git"; | ||||
| 
 | ||||
|         ExecStart = depot.web.cgit-tvl.override { | ||||
|           inherit (cfg) port repo; | ||||
|         }; | ||||
|       }; | ||||
|       } // userConfig; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue