From 922389ef205825163eb5b4e606b82a65deaa05c2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 7 Jun 2016 23:02:37 +0200 Subject: krebs.git.cgit.fcgiwrap: make user configurable --- krebs/3modules/git.nix | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index aabf4614f..0d12155f4 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -25,6 +25,21 @@ let type = types.submodule { options = { enable = mkEnableOption "krebs.git.cgit" // { default = true; }; + fcgiwrap = { + group = mkOption { + type = types.group; + default = { + name = "fcgiwrap"; + }; + }; + user = mkOption { + type = types.user; + default = { + name = "fcgiwrap"; + home = toString pkgs.empty; + }; + }; + }; settings = mkOption { apply = flip removeAttrs ["_module"]; default = {}; @@ -324,19 +339,20 @@ let }; cgit-imp = { - users.extraUsers = lib.singleton { - inherit (fcgitwrap-user) group name uid; - home = toString (pkgs.runCommand "empty" {} "mkdir -p $out"); - }; - - users.extraGroups = lib.singleton { - inherit (fcgitwrap-group) gid name; + users = { + groups.${cfg.cgit.fcgiwrap.group.name} = { + inherit (cfg.cgit.fcgiwrap.group) name gid; + }; + users.${cfg.cgit.fcgiwrap.user.name} = { + inherit (cfg.cgit.fcgiwrap.user) home name uid; + group = cfg.cgit.fcgiwrap.group.name; + }; }; services.fcgiwrap = { enable = true; - user = fcgitwrap-user.name; - group = fcgitwrap-user.group; + user = cfg.cgit.fcgiwrap.user.name; + group = cfg.cgit.fcgiwrap.group.name; # socketAddress = "/run/fcgiwrap.sock" (default) # socketType = "unix" (default) }; @@ -368,7 +384,7 @@ let system.activationScripts.cgit = '' mkdir -m 0700 -p ${cfg.cgit.settings.cache-root} - chown ${toString fcgitwrap-user.uid}:${toString fcgitwrap-group.gid} ${cfg.cgit.settings.cache-root} + chown ${toString cfg.cgit.fcgiwrap.user.uid}:${toString cfg.cgit.fcgiwrap.group.gid} ${cfg.cgit.settings.cache-root} ''; krebs.nginx = { @@ -396,17 +412,6 @@ let }; }; - fcgitwrap-user = rec { - name = "fcgiwrap"; - uid = genid name; - group = "fcgiwrap"; - }; - - fcgitwrap-group = { - name = fcgitwrap-user.name; - gid = fcgitwrap-user.uid; - }; - getName = x: x.name; isPublicRepo = getAttr "public"; # TODO this is also in ./cgit.nix -- cgit v1.2.3