mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-12 05:16:25 +03:00

plausible: use loadcredentials

plausible: service fixes, remove console attempt

plausible: fix yarn.nix call
happysalada 2021-10-30 21:58:21 +09:00
parent 3886aa3535
commit 9c71958cfa


@ -5,19 +5,6 @@ with lib;
let let
cfg = config.services.plausible; cfg = config.services.plausible;
# FIXME consider using LoadCredential as soon as it actually works.
envSecrets = ''
ADMIN_USER_PWD="$(<${cfg.adminUser.passwordFile})"
export ADMIN_USER_PWD # separate export to make `set -e` work
SECRET_KEY_BASE="$(<${cfg.server.secretKeybaseFile})"
export SECRET_KEY_BASE # separate export to make `set -e` work
${optionalString (cfg.mail.smtp.passwordFile != null) ''
SMTP_USER_PWD="$(<${cfg.mail.smtp.passwordFile})"
export SMTP_USER_PWD # separate export to make `set -e` work
''}
'';
in { in {
options.services.plausible = { options.services.plausible = {
enable = mkEnableOption "plausible"; enable = mkEnableOption "plausible";
@ -184,13 +171,15 @@ in {
enable = true; enable = true;
}; };
services.epmd.enable = true;
systemd.services = mkMerge [ systemd.services = mkMerge [
{ {
plausible = { plausible = {
inherit (pkgs.plausible.meta) description; inherit (pkgs.plausible.meta) description;
documentation = [ "https://plausible.io/docs/self-hosting" ]; documentation = [ "https://plausible.io/docs/self-hosting" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = optional cfg.database.postgres.setup "plausible-postgres.service"; after = optionals cfg.database.postgres.setup [ "postgresql.service" "plausible-postgres.service" ];
requires = optional cfg.database.clickhouse.setup "clickhouse.service" requires = optional cfg.database.clickhouse.setup "clickhouse.service"
++ optionals cfg.database.postgres.setup [ ++ optionals cfg.database.postgres.setup [
"postgresql.service" "postgresql.service"
@ -200,7 +189,7 @@ in {
environment = { environment = {
# NixOS specific option to avoid that it's trying to write into its store-path. # NixOS specific option to avoid that it's trying to write into its store-path.
# See also https://github.com/lau/tzdata#data-directory-and-releases # See also https://github.com/lau/tzdata#data-directory-and-releases
TZDATA_DIR = "/var/lib/plausible/elixir_tzdata"; STORAGE_DIR = "/var/lib/plausible/elixir_tzdata";
# Configuration options from # Configuration options from
# https://plausible.io/docs/self-hosting-configuration # https://plausible.io/docs/self-hosting-configuration
@ -231,28 +220,29 @@ in {
path = [ pkgs.plausible ] path = [ pkgs.plausible ]
++ optional cfg.database.postgres.setup config.services.postgresql.package; ++ optional cfg.database.postgres.setup config.services.postgresql.package;
script = ''
export CONFIG_DIR=$CREDENTIALS_DIRECTORY
# setup
${pkgs.plausible}/createdb.sh
${pkgs.plausible}/migrate.sh
${optionalString cfg.adminUser.activate ''
if ! ${pkgs.plausible}/init-admin.sh | grep 'already exists'; then
psql -d plausible <<< "UPDATE users SET email_verified=true;"
fi
''}
plausible start
'';
serviceConfig = { serviceConfig = {
DynamicUser = true; DynamicUser = true;
PrivateTmp = true; PrivateTmp = true;
WorkingDirectory = "/var/lib/plausible"; WorkingDirectory = "/var/lib/plausible";
StateDirectory = "plausible"; StateDirectory = "plausible";
ExecStartPre = "@${pkgs.writeShellScript "plausible-setup" '' LoadCredential = [
set -eu -o pipefail "ADMIN_USER_PWD:${cfg.adminUser.passwordFile}"
${envSecrets} "SECRET_KEY_BASE:${cfg.server.secretKeybaseFile}"
${pkgs.plausible}/createdb.sh ] ++ lib.optionals (cfg.mail.smtp.passwordFile != null) [ "SMTP_USER_PWD:${cfg.mail.smtp.passwordFile}"];
${pkgs.plausible}/migrate.sh
${optionalString cfg.adminUser.activate ''
if ! ${pkgs.plausible}/init-admin.sh | grep 'already exists'; then
psql -d plausible <<< "UPDATE users SET email_verified=true;"
fi
''}
''} plausible-setup";
ExecStart = "@${pkgs.writeShellScript "plausible" ''
set -eu -o pipefail
${envSecrets}
plausible start
''} plausible";
}; };
}; };
} }
@ -260,20 +250,22 @@ in {
# `plausible' requires the `citext'-extension. # `plausible' requires the `citext'-extension.
plausible-postgres = { plausible-postgres = {
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
bindsTo = [ "postgresql.service" ];
requiredBy = [ "plausible.service" ];
partOf = [ "plausible.service" ]; partOf = [ "plausible.service" ];
serviceConfig.Type = "oneshot"; serviceConfig = {
unitConfig.ConditionPathExists = "!/var/lib/plausible/.db-setup"; Type = "oneshot";
script = '' User = config.services.postgresql.superUser;
mkdir -p /var/lib/plausible/ RemainAfterExit = true;
};
script = with cfg.database.postgres; ''
PSQL() { PSQL() {
/run/wrappers/bin/sudo -Hu postgres ${config.services.postgresql.package}/bin/psql --port=5432 "$@" ${config.services.postgresql.package}/bin/psql --port=5432 "$@"
} }
PSQL -tAc "CREATE ROLE plausible WITH LOGIN;" # check if the database already exists
PSQL -tAc "CREATE DATABASE plausible WITH OWNER plausible;" if ! PSQL -lqt | ${pkgs.coreutils}/bin/cut -d \| -f 1 | ${pkgs.gnugrep}/bin/grep -qw ${dbname} ; then
PSQL -d plausible -tAc "CREATE EXTENSION IF NOT EXISTS citext;" PSQL -tAc "CREATE ROLE plausible WITH LOGIN;"
touch /var/lib/plausible/.db-setup PSQL -tAc "CREATE DATABASE ${dbname} WITH OWNER plausible;"
PSQL -d ${dbname} -tAc "CREATE EXTENSION IF NOT EXISTS citext;"
fi
''; '';
}; };
}) })
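Review bot: The admin-activation step carried into the new `script` still runs `UPDATE users SET email_verified=true;` with no `WHERE` clause, so whenever `init-admin.sh` does not print 'already exists', every row in `users` is marked verified, not only the admin account. That includes the case where `init-admin.sh` fails for some other reason and prints nothing matching. I would scope the statement to the admin row, e.g. `UPDATE users SET email_verified=true WHERE email = '<admin e-mail>';` (placeholder; the value must be quoted safely for SQL). The same line connects with `psql -d plausible`, while the plausible-postgres unit in the last hunk now creates `${dbname}`; with a non-default name the two fall out of step, so it should read `psql -d ${cfg.database.postgres.dbname}`.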