declarative hydra users
This commit is contained in:
parent
5b8217986e
commit
17c824a774
3 changed files with 29 additions and 4 deletions
|
@ -7,6 +7,7 @@ let
|
|||
hydraPort = 3000;
|
||||
hydraAdmin = "admin";
|
||||
hydraAdminPasswordFile = "/run/keys/hydra-admin-password";
|
||||
hydraUsersFile = "/run/keys/hydra-users";
|
||||
|
||||
createDeclarativeProjectScript = pkgs.stdenv.mkDerivation {
|
||||
name = "create-declarative-project";
|
||||
|
@ -27,6 +28,15 @@ in
|
|||
description = "The initial password for the Hydra admin account";
|
||||
};
|
||||
|
||||
usersFile = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
declarative user accounts for hydra.
|
||||
format: user;role;password-hash;email-address;full-name
|
||||
Password hash is computed by applying sha1 to the password.
|
||||
'';
|
||||
};
|
||||
|
||||
declarativeProjects = mkOption {
|
||||
description = "Declarative projects";
|
||||
default = { };
|
||||
|
@ -92,6 +102,7 @@ in
|
|||
port = hydraPort;
|
||||
useSubstitutes = true;
|
||||
adminPasswordFile = hydraAdminPasswordFile;
|
||||
usersFile = hydraUsersFile;
|
||||
extraConfig = ''
|
||||
max_output_size = ${builtins.toString (8 * 1024 * 1024 * 1024)}
|
||||
'';
|
||||
|
@ -121,7 +132,7 @@ in
|
|||
};
|
||||
|
||||
# Create a admin user and configure a declarative project
|
||||
systemd.services.hydra-post-init = mkIf (cfg.services.hydra.adminPasswordFile != null) {
|
||||
systemd.services.hydra-post-init = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
TimeoutStartSec = "60";
|
||||
|
@ -135,14 +146,23 @@ in
|
|||
path = with pkgs; [ hydra-unstable netcat ];
|
||||
script = ''
|
||||
set -e
|
||||
export HYDRA_ADMIN_PASSWORD=$(cat ${cfg.services.hydra.adminPasswordFile})
|
||||
while IFS=; read -r user role passwordhash email fullname; do
|
||||
opts=("$user" "--role" "$role" "--password-hash" "$passwordhash")
|
||||
if [[ -n "$email" ]]; then
|
||||
opts+=("--email-address" "$email")
|
||||
fi
|
||||
if [[ -n "$fullname" ]]; then
|
||||
opts+=("--full-name" "$fullname")
|
||||
fi
|
||||
hydra-create-user "$opts{@}"
|
||||
done < ${cfg.services.hydra.usersFile}
|
||||
|
||||
hydra-create-user ${hydraAdmin} --role admin --password $HYDRA_ADMIN_PASSWORD
|
||||
while ! nc -z localhost ${toString hydraPort}; do
|
||||
sleep 1
|
||||
done
|
||||
|
||||
export URL=http://localhost:${toString hydraPort}
|
||||
export HYDRA_ADMIN_PASSWORD=$(cat ${cfg.services.hydra.adminPasswordFile})
|
||||
export URL=http://localhost:${toString hydraPort}
|
||||
'' +
|
||||
(concatStringsSep "\n" (mapAttrsToList
|
||||
(n: v: ''
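Review bot: The declarative-user loop in the last hunk of the hydra-post-init script cannot parse the `user;role;password-hash;email-address;full-name` records that the new `usersFile` option documents: `while IFS=; read -r user role passwordhash email fullname; do` is the assignment `IFS=` followed by the `;` command separator, so IFS stays empty for the rest of the script and `read` puts the whole line into `$user`, and `hydra-create-user "$opts{@}"` expands only the first array element followed by a literal `{@}` rather than the array. The effect is a `hydra-create-user` call whose username is the whole record, hash included, with no `--role` or `--password-hash`, which presumably either aborts the `set -e` script or creates mis-named accounts. Change the two lines to `while IFS=';' read -r user role passwordhash email fullname; do` and `hydra-create-user "${opts[@]}"`. Since the option description says the file holds unsalted sha1 password hashes, it is also worth skipping blank lines with `[[ -z "$user" ]] && continue` so a trailing newline does not call `hydra-create-user ""`, and worth noting that the hashes are passed as command-line arguments where other local users could read them from the process list, as the pre-existing `--password $HYDRA_ADMIN_PASSWORD` line already does for the plaintext admin password. The `script` string and the `systemd.services.hydra-post-init` attribute begin outside this hunk.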
|
||||
|
|
|
@ -103,6 +103,11 @@ in
|
|||
permissions = "0400";
|
||||
};
|
||||
|
||||
deployment.keys.hydra-users = {
|
||||
text = secrets.hydra-users;
|
||||
user = "hydra";
|
||||
permissions = "0400";
|
||||
};
|
||||
};
|
||||
|
||||
build02 =
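Review bot: `deployment.keys.hydra-users` takes its content from `text = secrets.hydra-users`, and this same commit adds `secrets/hydra-users` to the repository as a binary file, while the `usersFile` option that consumes the key documents its contents as `user;role;password-hash;…` with sha1 (unsalted) password hashes. Whether that file is encrypted at rest in the repository cannot be told from this page; if it is not, the hashes are now part of git history and the affected passwords should be rotated, with the file handled the same way the admin password secret next to it is. The on-host side looks right: `user = "hydra"` and `permissions = "0400"` match the adjacent admin-password key, so only the hydra user can read the deployed `/run/keys/hydra-users`. The enclosing attribute set starts outside this hunk.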
|
||||
|
|
BIN
secrets/hydra-users
Normal file
BIN
secrets/hydra-users
Normal file
Binary file not shown.