module: add git config to preStart

see upstream commit 176b59e8

+42 -12
+42 -12
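--- a/module.nix
+++ b/module.nix
@@ -34,6 +34,10 @@
 
 in
 {
+imports = [
+(lib.mkRenamedOptionModule ["services" "tangled-knotserver" "gitUser"] ["services" "tangled-knotserver" "user"])
+];
+
 options = {
 services.tangled-knotserver = {
 enable = mkOption {
@@ -48,17 +52,30 @@
 description = "Appview endpoint";
 };
 
-gitUser = mkOption {
+user = mkOption {
 type = types.str;
 default = "git";
-description = "User that hosts git repos and performs git operations";
+description = "User that runs the server, hosts git repos and performs git operations";
+};
+
+git = {
+name = mkOption {
+type = types.str;
+default = "Tangled Knot daemon";
+description = "Git username for git operations that requires one.";
+};
+email = mkOption {
+type = types.str;
+default = "knot@example.invalid";
+description = "Git email address for git operations that requires one.";
+};
 };
 
 repo = {
 scanPath = mkOption {
 type = types.path;
 default = "/var/lib/tangled-knot";
-description = "Path where repositories are scanned from";
+description = "Path where repositories are stored";
 };
 
 mainBranch = mkOption {
@@ -110,7 +127,13 @@
 KNOT_SERVER_SECRET = "verysecuresecret";
 }
 '';
-description = "Additional environment variables. Use `environmentFile` for secrets.";
+description = ''
+Additional environment variables. Use `environmentFile` for secrets.
+
+`KNOT_SERVER_SECRET` must be set for the knotserver to work, and can be obtained from
+[this page](https://tangled.sh/knots). Please set this with environmentFile instead of setting it here
+directly.
+'';
 };
 
 extraSshdConfig = mkOption {
@@ -145,17 +168,18 @@
 
 environment.systemPackages = with pkgs; [ git ];
 
-users.users.${cfg.gitUser} = {
+users.users.${cfg.user} = {
 home = cfg.repo.scanPath;
-group = cfg.gitUser;
+group = cfg.user;
 isSystemUser = true;
 useDefaultShell = true;
 };
 
-users.groups.${cfg.gitUser} = { };
+users.groups.${cfg.user} = { };
 
 systemd.services.knotserver = {
 description = "knotserver service";
+path = [pkgs.git];
 after = [
 "network-online.target"
 "sshd.service"
@@ -165,8 +189,14 @@
 "sshd.service"
 ];
 wantedBy = [ "multi-user.target" ];
+
+preStart = ''
+git config --global user.name "${cfg.git.name}"
+git config --global user.email "${cfg.git.email}"
+'';
+
 serviceConfig = {
-User = cfg.gitUser;
+User = cfg.user;
 WorkingDirectory = cfg.repo.scanPath;
 ExecStart = lib.getExe' tangledPkgs.knotserver "knotserver";
 Restart = "always";
@@ -187,14 +217,14 @@
 
 systemd.tmpfiles.settings."knotserver-settings"."/var/log/knotserver"."d" = {
 mode = "0750";
-user = config.users.users.${cfg.gitUser}.name;
-group = config.users.groups.${cfg.gitUser}.name;
+user = config.users.users.${cfg.user}.name;
+group = config.users.groups.${cfg.user}.name;
 };
 
 services.openssh = {
 enable = true;
 extraConfig = ''
-Match User ${cfg.gitUser}
+Match User ${cfg.user}
 AuthorizedKeysCommand ${config.security.wrapperDir}/keyfetch
 AuthorizedKeysCommandUser nobody
 ${cfg.extraSshdConfig}
@@ -204,7 +234,7 @@
 # get around openssh restrictions
 security.wrappers.keyfetch = {
 owner = "root";
-group = config.users.groups.${cfg.gitUser}.name;
+group = config.users.groups.${cfg.user}.name;
 permissions = "u+rx,go+x";
 source = lib.getExe' wrapped-packages "keyfetch";
 };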
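Review bot: The two `git config` lines added in `preStart` splice `cfg.git.name` and `cfg.git.email` into the generated shell script inside plain double quotes, so a value containing `"`, `$` or a backtick is expanded by the shell or breaks the quoting each time the unit starts. Pass the values through the nixpkgs helper instead: `git config --global user.name ${lib.escapeShellArg cfg.git.name}`, and the same for `user.email`. Separately, `--global` writes to the service user's `~/.gitconfig`, which per `home = cfg.repo.scanPath` lands in the repository storage directory (assuming the unit's HOME follows `User=`); a short comment on `preStart` saying so would help whoever later tightens permissions on that path.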