authorAaron Andersen <aaron@fosslib.net>2021-03-12 20:42:09 -0500
committerGitHub <noreply@github.com>2021-03-12 20:42:09 -0500
commit5a24206e17857c91f896cb343d2d8981e5ba4ea0 (patch)
tree7b0ba2048830f0443252b3d76ca2f98a6b59d681 /nixos
parent4786ad90598412eb8da313e1d2f9c08687a7d527 (diff)
parentdac07be800a8f76757eee153e0e7424d18c5c08f (diff)
Merge pull request #111030 from cript0nauta/miniflux-sudo
nixos/miniflux: don't depend on sudo
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/web-apps/miniflux.nix24
-rw-r--r--nixos/tests/miniflux.nix14
2 files changed, 31 insertions, 7 deletions
diff --git a/nixos/modules/services/web-apps/miniflux.nix b/nixos/modules/services/web-apps/miniflux.nix
index 62906d5e6a0c..01710b1bd59c 100644
--- a/nixos/modules/services/web-apps/miniflux.nix
+++ b/nixos/modules/services/web-apps/miniflux.nix
@@ -14,17 +14,16 @@ let
ADMIN_PASSWORD=password
'';
- pgsu = "${pkgs.sudo}/bin/sudo -u ${config.services.postgresql.superUser}";
pgbin = "${config.services.postgresql.package}/bin";
preStart = pkgs.writeScript "miniflux-pre-start" ''
#!${pkgs.runtimeShell}
db_exists() {
- [ "$(${pgsu} ${pgbin}/psql -Atc "select 1 from pg_database where datname='$1'")" == "1" ]
+ [ "$(${pgbin}/psql -Atc "select 1 from pg_database where datname='$1'")" == "1" ]
}
if ! db_exists "${dbName}"; then
- ${pgsu} ${pgbin}/psql postgres -c "CREATE ROLE ${dbUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${dbPassword}'"
- ${pgsu} ${pgbin}/createdb --owner "${dbUser}" "${dbName}"
- ${pgsu} ${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore"
+ ${pgbin}/psql postgres -c "CREATE ROLE ${dbUser} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${dbPassword}'"
+ ${pgbin}/createdb --owner "${dbUser}" "${dbName}"
+ ${pgbin}/psql "${dbName}" -c "CREATE EXTENSION IF NOT EXISTS hstore"
fi
'';
in
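Review bot: The `CREATE ROLE` line still interpolates `${dbPassword}` into the `psql -c` argument, so the password is on the process command line while the script runs and is embedded in the generated `miniflux-pre-start` script. `dbPassword` is defined outside this hunk, so it is not visible here whether it is a fixed default or a user-supplied value. Now that the script runs directly as the PostgreSQL superuser, consider feeding the statement on stdin instead of through `-c`. If the service can connect over the local socket with peer authentication (not visible here), the role password could be dropped altogether. At minimum, add a comment above the line such as `# NOTE: dbPassword ends up in the world-readable store script; do not reuse it elsewhere`.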
@@ -73,15 +72,26 @@ in
services.postgresql.enable = true;
+ systemd.services.miniflux-dbsetup = {
+ description = "Miniflux database setup";
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "postgresql.service" ];
+ after = [ "network.target" "postgresql.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ User = config.services.postgresql.superUser;
+ ExecStart = preStart;
+ };
+ };
+
systemd.services.miniflux = {
description = "Miniflux service";
wantedBy = [ "multi-user.target" ];
requires = [ "postgresql.service" ];
- after = [ "network.target" "postgresql.service" ];
+ after = [ "network.target" "postgresql.service" "miniflux-dbsetup.service" ];
serviceConfig = {
ExecStart = "${pkgs.miniflux}/bin/miniflux";
- ExecStartPre = "+${preStart}";
DynamicUser = true;
RuntimeDirectory = "miniflux";
RuntimeDirectoryMode = "0700";
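Review bot: `miniflux.service` is ordered after `miniflux-dbsetup.service` but does not require it, and `after` only sequences the two units. With the removed `ExecStartPre`, a failing setup script blocked the service; now miniflux still starts if the oneshot fails, against a role or database that may not exist. Listing the setup unit as a requirement restores that behaviour: `requires = [ "postgresql.service" "miniflux-dbsetup.service" ];`. A short comment above `User = config.services.postgresql.superUser;` noting that the whole script runs with database superuser rights would also help the next reader. The `serviceConfig` block of `miniflux` continues past the end of this hunk.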
diff --git a/nixos/tests/miniflux.nix b/nixos/tests/miniflux.nix
index 9f8b52c3c857..797a2787d1aa 100644
--- a/nixos/tests/miniflux.nix
+++ b/nixos/tests/miniflux.nix
@@ -20,6 +20,13 @@ with lib;
services.miniflux.enable = true;
};
+ withoutSudo =
+ { ... }:
+ {
+ services.miniflux.enable = true;
+ security.sudo.enable = false;
+ };
+
customized =
{ ... }:
{
@@ -46,6 +53,13 @@ with lib;
"curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
)
+ withoutSudo.wait_for_unit("miniflux.service")
+ withoutSudo.wait_for_open_port(${toString defaultPort})
+ withoutSudo.succeed("curl --fail 'http://localhost:${toString defaultPort}/healthcheck' | grep -q OK")
+ withoutSudo.succeed(
+ "curl 'http://localhost:${toString defaultPort}/v1/me' -u '${defaultUsername}:${defaultPassword}' -H Content-Type:application/json | grep -q '\"is_admin\":true'"
+ )
+
customized.wait_for_unit("miniflux.service")
customized.wait_for_open_port(${toString port})
customized.succeed("curl --fail 'http://localhost:${toString port}/healthcheck' | grep -q OK")