nixos/redmine: fix permissions & cleanup

This commit is contained in:
Aaron Andersen 2019-02-22 22:55:21 -05:00
parent 01d8894c4d
commit 43258201b9

View file

@ -234,10 +234,33 @@ in
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
# create symlinks for the basic directory layout the redmine package expects
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/config' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/files' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/plugins' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/public' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/public/plugin_assets' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/public/themes' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/tmp' 0750 ${cfg.user} ${cfg.group} - -"
"d /run/redmine - - - - -"
"d /run/redmine/public - - - - -"
"L+ /run/redmine/config - - - - ${cfg.stateDir}/config"
"L+ /run/redmine/files - - - - ${cfg.stateDir}/files"
"L+ /run/redmine/log - - - - ${cfg.stateDir}/log"
"L+ /run/redmine/plugins - - - - ${cfg.stateDir}/plugins"
"L+ /run/redmine/public/plugin_assets - - - - ${cfg.stateDir}/public/plugin_assets"
"L+ /run/redmine/public/themes - - - - ${cfg.stateDir}/public/themes"
"L+ /run/redmine/tmp - - - - ${cfg.stateDir}/tmp"
];
systemd.services.redmine = { systemd.services.redmine = {
after = [ "network.target" (if cfg.database.type == "mysql2" then "mysql.service" else "postgresql.service") ]; after = [ "network.target" (if cfg.database.type == "mysql2" then "mysql.service" else "postgresql.service") ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.HOME = "${cfg.package}/share/redmine";
environment.RAILS_ENV = "production"; environment.RAILS_ENV = "production";
environment.RAILS_CACHE = "${cfg.stateDir}/cache"; environment.RAILS_CACHE = "${cfg.stateDir}/cache";
environment.REDMINE_LANG = "en"; environment.REDMINE_LANG = "en";
@ -252,28 +275,16 @@ in
subversion subversion
]; ];
preStart = '' preStart = ''
# ensure cache directory exists for db:migrate command rm -rf "${cfg.stateDir}/plugins/"*
mkdir -p "${cfg.stateDir}/cache" rm -rf "${cfg.stateDir}/public/themes/"*
# create the basic directory layout the redmine package expects
mkdir -p /run/redmine/public
for i in config files log plugins tmp; do
mkdir -p "${cfg.stateDir}/$i"
ln -fs "${cfg.stateDir}/$i" /run/redmine/
done
for i in plugin_assets themes; do
mkdir -p "${cfg.stateDir}/public/$i"
ln -fs "${cfg.stateDir}/public/$i" /run/redmine/public/
done
# start with a fresh config directory # start with a fresh config directory
# the config directory is copied instead of linked as some mutable data is stored in there # the config directory is copied instead of linked as some mutable data is stored in there
rm -rf "${cfg.stateDir}/config/"* find "${cfg.stateDir}/config" ! -name "secret_token.rb" -type f -exec rm -f {} +
cp -r ${cfg.package}/share/redmine/config.dist/* "${cfg.stateDir}/config/" cp -r ${cfg.package}/share/redmine/config.dist/* "${cfg.stateDir}/config/"
chmod -R u+w "${cfg.stateDir}/config"
# link in the application configuration # link in the application configuration
ln -fs ${configurationYml} "${cfg.stateDir}/config/configuration.yml" ln -fs ${configurationYml} "${cfg.stateDir}/config/configuration.yml"
@ -282,7 +293,6 @@ in
# link in all user specified themes # link in all user specified themes
rm -rf "${cfg.stateDir}/public/themes/"*
for theme in ${concatStringsSep " " (mapAttrsToList unpackTheme cfg.themes)}; do for theme in ${concatStringsSep " " (mapAttrsToList unpackTheme cfg.themes)}; do
ln -fs $theme/* "${cfg.stateDir}/public/themes" ln -fs $theme/* "${cfg.stateDir}/public/themes"
done done
@ -292,16 +302,11 @@ in
# link in all user specified plugins # link in all user specified plugins
rm -rf "${cfg.stateDir}/plugins/"*
for plugin in ${concatStringsSep " " (mapAttrsToList unpackPlugin cfg.plugins)}; do for plugin in ${concatStringsSep " " (mapAttrsToList unpackPlugin cfg.plugins)}; do
ln -fs $plugin/* "${cfg.stateDir}/plugins/''${plugin##*-redmine-plugin-}" ln -fs $plugin/* "${cfg.stateDir}/plugins/''${plugin##*-redmine-plugin-}"
done done
# ensure correct permissions for most files
chmod -R ug+rwX,o-rwx+x "${cfg.stateDir}/"
# handle database.passwordFile & permissions # handle database.passwordFile & permissions
DBPASS=$(head -n1 ${cfg.database.passwordFile}) DBPASS=$(head -n1 ${cfg.database.passwordFile})
cp -f ${databaseYml} "${cfg.stateDir}/config/database.yml" cp -f ${databaseYml} "${cfg.stateDir}/config/database.yml"
@ -315,25 +320,13 @@ in
chmod 440 "${cfg.stateDir}/config/initializers/secret_token.rb" chmod 440 "${cfg.stateDir}/config/initializers/secret_token.rb"
fi fi
# ensure everything is owned by ${cfg.user}
chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}"
# execute redmine required commands prior to starting the application # execute redmine required commands prior to starting the application
# NOTE: su required in case using mysql socket authentication ${bundle} exec rake db:migrate
/run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake db:migrate' ${bundle} exec rake redmine:plugins:migrate
/run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake redmine:plugins:migrate' ${bundle} exec rake redmine:load_default_data
/run/wrappers/bin/su -s ${pkgs.bash}/bin/bash -m -l redmine -c '${bundle} exec rake redmine:load_default_data'
# log files don't exist until after first command has been executed
# correct ownership of files generated by calling exec rake ...
chown -R ${cfg.user}:${cfg.group} "${cfg.stateDir}/log"
''; '';
serviceConfig = { serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
Type = "simple"; Type = "simple";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
@ -348,7 +341,6 @@ in
{ name = "redmine"; { name = "redmine";
group = cfg.group; group = cfg.group;
home = cfg.stateDir; home = cfg.stateDir;
createHome = true;
uid = config.ids.uids.redmine; uid = config.ids.uids.redmine;
}); });