mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-30 10:53:11 +00:00
Gancio service fixes (#340782)
This commit is contained in:
commit
5a39b9e407
@ -54,24 +54,20 @@ in
|
|||||||
};
|
};
|
||||||
baseurl = mkOption {
|
baseurl = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "";
|
default = "http${
|
||||||
example = "/gancio";
|
lib.optionalString config.services.nginx.virtualHosts."${cfg.settings.hostname}".enableACME "s"
|
||||||
description = "The URL path under which the server is reachable.";
|
}://${cfg.settings.hostname}";
|
||||||
|
defaultText = lib.literalExpression ''"https://''${cfg.settings.hostname}"'';
|
||||||
|
example = "https://demo.gancio.org/gancio";
|
||||||
|
description = "The full URL under which the server is reachable.";
|
||||||
};
|
};
|
||||||
server = {
|
server = {
|
||||||
host = mkOption {
|
socket = mkOption {
|
||||||
type = types.str;
|
type = types.path;
|
||||||
default = "localhost";
|
readOnly = true;
|
||||||
example = "::";
|
default = "/run/gancio/socket";
|
||||||
description = ''
|
description = ''
|
||||||
The address (IPv4, IPv6 or DNS) for the gancio server to listen on.
|
The unix socket for the gancio server to listen on.
|
||||||
'';
|
|
||||||
};
|
|
||||||
port = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 13120;
|
|
||||||
description = ''
|
|
||||||
Port number of the gancio server to listen on.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -157,11 +153,18 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
nginx = mkOption {
|
nginx = mkOption {
|
||||||
type = types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; });
|
type = types.submodule (
|
||||||
|
lib.recursiveUpdate (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {
|
||||||
|
# enable encryption by default,
|
||||||
|
# as sensitive login credentials should not be transmitted in clear text.
|
||||||
|
options.forceSSL.default = true;
|
||||||
|
options.enableACME.default = true;
|
||||||
|
}
|
||||||
|
);
|
||||||
default = { };
|
default = { };
|
||||||
example = {
|
example = {
|
||||||
enableACME = true;
|
enableACME = false;
|
||||||
forceSSL = true;
|
forceSSL = false;
|
||||||
};
|
};
|
||||||
description = "Extra configuration for the nginx virtual host of gancio.";
|
description = "Extra configuration for the nginx virtual host of gancio.";
|
||||||
};
|
};
|
||||||
@ -224,6 +227,10 @@ in
|
|||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${getExe cfg.package} start ${configFile}";
|
ExecStart = "${getExe cfg.package} start ${configFile}";
|
||||||
|
# set umask so that nginx can write to the server socket
|
||||||
|
# FIXME: upstream socket permission configuration in Nuxt
|
||||||
|
UMask = "0002";
|
||||||
|
RuntimeDirectory = "gancio";
|
||||||
StateDirectory = "gancio";
|
StateDirectory = "gancio";
|
||||||
WorkingDirectory = "/var/lib/gancio";
|
WorkingDirectory = "/var/lib/gancio";
|
||||||
LogsDirectory = "gancio";
|
LogsDirectory = "gancio";
|
||||||
@ -260,8 +267,6 @@ in
|
|||||||
virtualHosts."${cfg.settings.hostname}" = mkMerge [
|
virtualHosts."${cfg.settings.hostname}" = mkMerge [
|
||||||
cfg.nginx
|
cfg.nginx
|
||||||
{
|
{
|
||||||
enableACME = mkDefault true;
|
|
||||||
forceSSL = mkDefault true;
|
|
||||||
locations = {
|
locations = {
|
||||||
"/" = {
|
"/" = {
|
||||||
index = "index.html";
|
index = "index.html";
|
||||||
@ -269,12 +274,14 @@ in
|
|||||||
};
|
};
|
||||||
"@proxy" = {
|
"@proxy" = {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
proxyPass = "http://${cfg.settings.server.host}:${toString cfg.settings.server.port}";
|
proxyPass = "http://unix:${cfg.settings.server.socket}";
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
# for nginx to access gancio socket
|
||||||
|
users.users."${config.services.nginx.user}".extraGroups = [ config.users.users.${cfg.user}.group ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -71,7 +71,7 @@ import ./make-test-python.nix (
|
|||||||
server.wait_for_unit("postgresql")
|
server.wait_for_unit("postgresql")
|
||||||
server.wait_for_unit("gancio")
|
server.wait_for_unit("gancio")
|
||||||
server.wait_for_unit("nginx")
|
server.wait_for_unit("nginx")
|
||||||
server.wait_for_open_port(13120)
|
server.wait_for_file("/run/gancio/socket")
|
||||||
server.wait_for_open_port(80)
|
server.wait_for_open_port(80)
|
||||||
|
|
||||||
# Check can create user via cli
|
# Check can create user via cli
|
||||||
|
Loading…
Reference in New Issue
Block a user