From fcfd097e658a2c44bb1a6950d04ecd4c508b3c0f Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Mon, 11 Jul 2022 11:15:14 +0000
Subject: refactor(ops/cgit): make user configurable

on whitby, cgit runs as the gerrit user to get access to serving gerrit's repositories directly.

on other machines (e.g. sanduny) this isn't necessary, as we have a world-readable depot replica.

Change-Id: Ibf7e7cc08e5909e0fa182e561ab0cb472188edcb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5932
Tested-by: BuildkiteCI
Reviewed-by: sterni
---
 ops/modules/cgit.nix | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'ops/modules')

diff --git a/ops/modules/cgit.nix b/ops/modules/cgit.nix
index 25318d1d723e..fc3f17158579 100644
--- a/ops/modules/cgit.nix
+++ b/ops/modules/cgit.nix
@@ -3,6 +3,14 @@
 
 let
 cfg = config.services.depot.cgit;
+
+ userConfig =
+ if builtins.isNull cfg.user then {
+ DynamicUser = true;
+ } else {
+ User = cfg.user;
+ Group = cfg.user;
+ };
 in
 {
 options.services.depot.cgit = with lib; {
@@ -19,6 +27,16 @@ in
 type = types.str;
 default = "/var/lib/gerrit/git/depot.git/";
 };
+
+ user = mkOption {
+ description = ''
+ User to use for the cgit service. It is expected that this is
+ also the name of the user's primary group.
+ '';
+
+ type = with types; nullOr str;
+ default = null;
+ };
 };
 
 config = lib.mkIf cfg.enable {
@@ -27,13 +45,11 @@ in
 
 serviceConfig = {
 Restart = "on-failure";
- User = "git";
- Group = "git";
 
 ExecStart = depot.web.cgit-tvl.override {
 inherit (cfg) port repo;
 };
- };
+ } // userConfig;
 };
 };
 }
-- 
cgit 1.4.1
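Review bot: The `else` branch of `userConfig` (first hunk) sets only `User` and `Group`, so a host that configures a static account loses the sandboxing that `DynamicUser = true` implies in systemd (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`, among others). Per the commit message that is the whitby case, where the network-facing cgit process runs as the gerrit user and so inherits that account's write access to repositories it only needs to read. The `serviceConfig` shown in the last hunk adds no other restrictions, so I would set the equivalent options explicitly in the static-user branch. If cgit needs a writable cache on such a host, that would have to be granted separately (for example with `CacheDirectory`).

```nix
      Group = cfg.user;
      # Keep the sandboxing that DynamicUser= would otherwise imply, so the
      # static account's write access is not usable from the cgit process.
      ProtectSystem = "strict";
      ProtectHome = "read-only";
      PrivateTmp = true;
      NoNewPrivileges = true;
```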
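Review bot: The description of the new `user` option (second hunk) does not say what the `null` default means or what the account needs. I would extend it to state that `null` runs the service under a systemd `DynamicUser`, that a named user must already exist together with a group of the same name (nothing in the module checks this), and that the account only needs read access to `repo`. The default `repo` still points at `/var/lib/gerrit/git/depot.git/`, which the commit message suggests is readable only through the gerrit account, so the two defaults may no longer work together. Hosts that relied on the previously hard-coded `git` user now have to set `user` explicitly; whether that is done is not visible here, because the diff is limited to `ops/modules`.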