nixos/gitea: don't configure the database if createDatabase == false
#268849
+45
−20
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
6.topic: nixos
uninsane
commented
Nov 21, 2023
ofborg
bot
added
10.rebuild-darwin: 0
Ma27
requested changes
Dec 9, 2023
There was a problem hiding this comment.
For context, there was a discussion in the past on when to declare dependencies (because requires will cause problems when undefined services are listed in there): #237544
If you declare createDatabase = false;, I'd expect that the module leaves the entire task of configuring the database connection to me.
I think the correct fix is to add an assertion here that ensures that the system user is equal to the database user (and thus the PAM authentication used by createDatabase = true; will work again) and ask everybody who doesn't do that (system user == db user == db name) to configure it themselves.
wegank
added
the
2.status: stale
uninsane
force-pushed
the
pr-gitea-authfix
branch
from
adc3949 to
323d69f
Compare
stale
bot
removed
the
2.status: stale
fixes fallout from <NixOS#266270>. a common idiom is to run the git server as user `git`, instead of `gitea`, with configuration like this: ```nix services.gitea.user = "git"; services.gitea.database.user = "git"; ``` after NixOS#266270, this requires setting `services.gitea.database.createDatabase = false` (as recommended by the assertion). however, the module then plumbs defaults which no longer make sense into the gitea config causing a failed connection at runtime: ``` gitea-pre-start: cmd/migrate.go:40:runMigrate() [F] Failed to initialize ORM engine: pq: password authentication failed for user "git" ``` instead, don't default any of the connection settings when `createDatabase == false`: error at eval time (instead of runtime) if the user hasn't explicitly configured the remaining connection settings.
uninsane
force-pushed
the
pr-gitea-authfix
branch
from
323d69f to
92662a9
Compare
|
@Ma27 took me a bit to find something ergonomic, pushed a patch which i think does a good job. if services.gitea.enable = true;
services.gitea.database.type = "postgres";
services.gitea.database.createDatabase = false;
# if eval'd here, user will see an error about `config.services.gitea.database.{name,user,...}` being referenced but not defined
services.gitea.database.name = "gitea";
services.gitea.database.user = "git";
services.gitea.database.socket = "/run/postgresql";
# then user is expected to manually configure services.postgresql, and define a `requires` from gitea onto postgresql if applicable |
uninsane
changed the title
createDatabase == false
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes fallout from #266270.
a common idiom is to run the git server as user
git, instead ofgitea, with configuration like this:after #266270, this requires setting
services.gitea.database.createDatabase = false(as recommended by the assertion). however, the module then plumbs defaults which no longer make sense into the gitea config causing a failed connection at runtime:instead, don't default any of the connection settings when
createDatabase == false: error at eval time (instead of runtime) if the user hasn't explicitly configured the remaining connection settings.Description of changes
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)