nixos/gitolite: dataDir group-readable

author: bake <bake@192k.pw> 2019-06-22 19:18:51 +0200
committer: Matthieu Coudron <coudron@iij.ad.jp> 2019-08-04 18:47:02 +0900
commit: 9e2a710117d4ed705e05243dd740586e558d1899 (patch)
tree: dd2dced03c8241c57344ac09af9881c7859f1c51 /nixos/modules/services
parent: 60358cdd9e83d49d4f9f34b2e239bfcaa3d5297b (diff)
download: nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar
nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.gz
nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.bz2
nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.lz
nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.xz
nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.zst
nixlib-9e2a710117d4ed705e05243dd740586e558d1899.zip
1 files changed, 20 insertions, 9 deletions
diff --git a/nixos/modules/services/misc/gitolite.nix b/nixos/modules/services/misc/gitolite.nix
index c7f2a168f8ab..cbe2c06ab651 100644
--- a/nixos/modules/services/misc/gitolite.nix
+++ b/nixos/modules/services/misc/gitolite.nix
@@ -143,21 +143,37 @@ in
     users.users.${cfg.user} = {
       description     = "Gitolite user";
       home            = cfg.dataDir;
-      createHome      = true;
       uid             = config.ids.uids.gitolite;
       group           = cfg.group;
       useDefaultShell = true;
     };
     users.groups."${cfg.group}".gid = config.ids.gids.gitolite;
 
+    systemd.tmpfiles.rules = [
+      "d '${cfg.dataDir}' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.dataDir}'/.gitolite - ${cfg.user} ${cfg.group} - -"
+      "d '${cfg.dataDir}'/.gitolite/logs - ${cfg.user} ${cfg.group} - -"
+
+      "Z ${cfg.dataDir} 0750 ${cfg.user} ${cfg.group} - -"
+    ];
+
     systemd.services."gitolite-init" = {
       description = "Gitolite initialization";
       wantedBy    = [ "multi-user.target" ];
       unitConfig.RequiresMountsFor = cfg.dataDir;
 
-      serviceConfig.User = "${cfg.user}";
-      serviceConfig.Type = "oneshot";
-      serviceConfig.RemainAfterExit = true;
+      environment = {
+        GITOLITE_RC = ".gitolite.rc";
+        GITOLITE_RC_DEFAULT = "${rcDir}/gitolite.rc.default";
+      };
+
+      serviceConfig = {
+        Type = "oneshot";
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = "~";
+        RemainAfterExit = true;
+      };
 
       path = [ pkgs.gitolite pkgs.git pkgs.perl pkgs.bash pkgs.diffutils config.programs.ssh.package ];
       script =
@@ -187,11 +203,6 @@ in
           '';
       in
         ''
-          cd ${cfg.dataDir}
-          mkdir -p .gitolite/logs
-
-          GITOLITE_RC=.gitolite.rc
-          GITOLITE_RC_DEFAULT=${rcDir}/gitolite.rc.default
           if ( [[ ! -e "$GITOLITE_RC" ]] && [[ ! -L "$GITOLITE_RC" ]] ) ||
              ( [[ -f "$GITOLITE_RC" ]] && diff -q "$GITOLITE_RC" "$GITOLITE_RC_DEFAULT" >/dev/null ) ||
              ( [[ -L "$GITOLITE_RC" ]] && [[ "$(readlink "$GITOLITE_RC")" =~ ^/nix/store/ ]] )
author	bake <bake@192k.pw>	2019-06-22 19:18:51 +0200
committer	Matthieu Coudron <coudron@iij.ad.jp>	2019-08-04 18:47:02 +0900
commit	9e2a710117d4ed705e05243dd740586e558d1899 (patch)
tree	dd2dced03c8241c57344ac09af9881c7859f1c51 /nixos/modules/services
parent	60358cdd9e83d49d4f9f34b2e239bfcaa3d5297b (diff)
download	nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.gz nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.bz2 nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.lz nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.xz nixlib-9e2a710117d4ed705e05243dd740586e558d1899.tar.zst nixlib-9e2a710117d4ed705e05243dd740586e558d1899.zip