sanin.dev / core
forked from tangled.org/core
this repo has no description
fork atom

nix/modules/knot: don't use an activation script to set up git user home

It's unidiomatic, and doesn't allow extension by way of changing the
systemd service options (like is done in the following commit).

Signed-off-by: Winter <winter@winter.cafe>

authored by winter.bsky.social and committed by Tangled ecd7277d 9200ee97

options
unified split
Changed files
+27 -24
nix
modules
knot.nix
+27 -24
nix/modules/knot.nix
··· 126 cfg.package 127 ]; 128 129 - system.activationScripts.gitConfig = let 130 - setMotd = 131 - if cfg.motdFile != null && cfg.motd != null 132 - then throw "motdFile and motd cannot be both set" 133 - else '' 134 - ${optionalString (cfg.motdFile != null) "cat ${cfg.motdFile} > ${cfg.stateDir}/motd"} 135 - ${optionalString (cfg.motd != null) ''printf "${cfg.motd}" > ${cfg.stateDir}/motd''} 136 - ''; 137 - in '' 138 - mkdir -p "${cfg.repo.scanPath}" 139 - chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.repo.scanPath}" 140 - 141 - mkdir -p "${cfg.stateDir}/.config/git" 142 - cat > "${cfg.stateDir}/.config/git/config" << EOF 143 - [user] 144 - name = Git User 145 - email = git@example.com 146 - [receive] 147 - advertisePushOptions = true 148 - EOF 149 - ${setMotd} 150 - chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.stateDir}" 151 - ''; 152 - 153 users.users.${cfg.gitUser} = { 154 isSystemUser = true; 155 useDefaultShell = true; ··· 185 description = "knot service"; 186 after = ["network.target" "sshd.service"]; 187 wantedBy = ["multi-user.target"]; 188 serviceConfig = { 189 User = cfg.gitUser; 190 WorkingDirectory = cfg.stateDir; 191 Environment = [ 192 "KNOT_REPO_SCAN_PATH=${cfg.repo.scanPath}"
··· 126 cfg.package 127 ]; 128 129 users.users.${cfg.gitUser} = { 130 isSystemUser = true; 131 useDefaultShell = true; ··· 161 description = "knot service"; 162 after = ["network.target" "sshd.service"]; 163 wantedBy = ["multi-user.target"]; 164 + enableStrictShellChecks = true; 165 + 166 + preStart = let 167 + setMotd = 168 + if cfg.motdFile != null && cfg.motd != null 169 + then throw "motdFile and motd cannot be both set" 170 + else '' 171 + ${optionalString (cfg.motdFile != null) "cat ${cfg.motdFile} > ${cfg.stateDir}/motd"} 172 + ${optionalString (cfg.motd != null) ''printf "${cfg.motd}" > ${cfg.stateDir}/motd''} 173 + ''; 174 + in '' 175 + mkdir -p "${cfg.repo.scanPath}" 176 + chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.repo.scanPath}" 177 + 178 + mkdir -p "${cfg.stateDir}/.config/git" 179 + cat > "${cfg.stateDir}/.config/git/config" << EOF 180 + [user] 181 + name = Git User 182 + email = git@example.com 183 + [receive] 184 + advertisePushOptions = true 185 + EOF 186 + ${setMotd} 187 + chown -R ${cfg.gitUser}:${cfg.gitUser} "${cfg.stateDir}" 188 + ''; 189 + 190 serviceConfig = { 191 User = cfg.gitUser; 192 + PermissionsStartOnly = true; 193 WorkingDirectory = cfg.stateDir; 194 Environment = [ 195 "KNOT_REPO_SCAN_PATH=${cfg.repo.scanPath}"