nixos/gitea: Add option to supply the metrics token via file
parent
4d675aec00
commit
b59e5a34e7
|
@ -246,6 +246,13 @@ in
|
||||||
description = lib.mdDoc "Path to a file containing the SMTP password.";
|
description = lib.mdDoc "Path to a file containing the SMTP password.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
metricsTokenFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = "/var/lib/secrets/gitea/metrics_token";
|
||||||
|
description = lib.mdDoc "Path to a file containing the metrics authentication token.";
|
||||||
|
};
|
||||||
|
|
||||||
settings = mkOption {
|
settings = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
|
@ -433,6 +440,10 @@ in
|
||||||
PASSWD = "#mailerpass#";
|
PASSWD = "#mailerpass#";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
metrics = mkIf (cfg.metricsTokenFile != null) {
|
||||||
|
TOKEN = "#metricstoken#";
|
||||||
|
};
|
||||||
|
|
||||||
oauth2 = {
|
oauth2 = {
|
||||||
JWT_SECRET = "#oauth2jwtsecret#";
|
JWT_SECRET = "#oauth2jwtsecret#";
|
||||||
};
|
};
|
||||||
|
@ -559,6 +570,10 @@ in
|
||||||
${lib.optionalString (cfg.mailerPasswordFile != null) ''
|
${lib.optionalString (cfg.mailerPasswordFile != null) ''
|
||||||
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
|
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
|
||||||
''}
|
''}
|
||||||
|
|
||||||
|
${lib.optionalString (cfg.metricsTokenFile != null) ''
|
||||||
|
${replaceSecretBin} '#metricstoken#' '${cfg.metricsTokenFile}' '${runConfig}'
|
||||||
|
''}
|
||||||
chmod u-w '${runConfig}'
|
chmod u-w '${runConfig}'
|
||||||
}
|
}
|
||||||
(umask 027; gitea_setup)
|
(umask 027; gitea_setup)
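Review bot: The `metricsTokenFile` description in the first hunk does not tell the operator that the token takes effect only together with `settings.metrics.ENABLED`, or that the file must live outside the world-readable Nix store. Gitea answers `/metrics` without authentication when no token is configured, so enabling metrics while this option stays `null` leaves the endpoint open. I would reword the description to `description = lib.mdDoc "Path to a file outside the Nix store containing the bearer token required to read /metrics; only used when settings.metrics.ENABLED is true.";`. It may also be worth a module warning when metrics are enabled without a token file. The surrounding options set begins and ends outside these hunks, so I cannot see whether such a check already exists.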
|
||||||
|
|
|
@ -35,9 +35,11 @@ let
|
||||||
enable = true;
|
enable = true;
|
||||||
database = { inherit type; };
|
database = { inherit type; };
|
||||||
package = giteaPackage;
|
package = giteaPackage;
|
||||||
|
metricsTokenFile = (pkgs.writeText "metrics_secret" "fakesecret").outPath;
|
||||||
settings.service.DISABLE_REGISTRATION = true;
|
settings.service.DISABLE_REGISTRATION = true;
|
||||||
settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
|
settings."repository.signing".SIGNING_KEY = signingPrivateKeyId;
|
||||||
settings.actions.ENABLED = true;
|
settings.actions.ENABLED = true;
|
||||||
|
settings.metrics.ENABLED = true;
|
||||||
};
|
};
|
||||||
environment.systemPackages = [ giteaPackage pkgs.gnupg pkgs.jq ];
|
environment.systemPackages = [ giteaPackage pkgs.gnupg pkgs.jq ];
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
@ -143,6 +145,12 @@ let
|
||||||
+ '-H "Accept: application/json" | jq length)" = "1"'
|
+ '-H "Accept: application/json" | jq length)" = "1"'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
with subtest("Testing metrics endpoint"):
|
||||||
|
server.succeed('curl '
|
||||||
|
+ '-H "Authorization: Bearer fakesecret" '
|
||||||
|
+ 'http://localhost:3000/metrics '
|
||||||
|
+ '| grep gitea_accesses')
|
||||||
|
|
||||||
with subtest("Testing runner registration"):
|
with subtest("Testing runner registration"):
|
||||||
server.succeed(
|
server.succeed(
|
||||||
"su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea actions generate-runner-token' | sed 's/^/TOKEN=/' | tee /var/lib/gitea/runner_token"
|
"su -l gitea -c 'GITEA_WORK_DIR=/var/lib/gitea gitea actions generate-runner-token' | sed 's/^/TOKEN=/' | tee /var/lib/gitea/runner_token"
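Review bot: The "Testing metrics endpoint" subtest only exercises the accepted token, so it would still pass if the `TOKEN` setting were missing from the generated config and the endpoint answered unauthenticated requests. Add a negative check next to the positive one, for example `server.fail('curl http://localhost:3000/metrics | grep gitea_accesses')`, and ideally the same request with a wrong bearer value. That pins the property the new option exists for: requests without the right token are refused. Building the token with `pkgs.writeText` puts it in the Nix store, which is fine for a fake test value, but a short comment saying so would keep the pattern from being copied into real configurations.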
|
||||||
|
|