The uid split a while back caused the web interface to create GC roots
in /nix/var/nix/gcroots/per-user/hydra-www, where they wouldn't be
purged by hydra-update-gc-roots. Thus restarted builds would
accumulate forever. The fix is to keep the roots in a shared directory
with gid=hydra.

This makes it easy to set environment variables for the Hydra server
(for example, your configuration.nix can use readFile to read an API
token to upload build results somewhere).
Signed-off-by: Austin Seipp <aseipp@pobox.com>

Oops, forgot to add this in f75509099a.

This is necessary because we actually want to run the preStart script as
root (because it chmod/chowns stuff and also needs to create the
database using PostgreSQL's superuser) and the actual creation of the
database as user hydra.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>

The su binary is now in a separate output of the shadow package and
isn't included in the main output path anymore.
But instead of changing the call to use pkgs.su, we're now entirely
dropping the dependency because systemd is already able to execute
processes under a specific user by itself.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>

If PostgreSQL is running on the same system, then the "hydra" user can
connect without a password (via Unix domain socket
authentication), so no need to set up a password. If PostgreSQL is on
another machine, then creating a user/database won't work anyway.

We really don't need to touch a file in the current working directory
to find files that are older than one month. Since findutils 4.3.3 there
is a -newerXY option which allows specifying timestamps directly (as
with `date --date`).
But even when using a reference file, it really causes confusion if
people look into /root and try to debug where that mysterious "r" file
is coming from.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>

Some installations may want to use system-wide sendmail (i.e.
/run/setuid-wrappers/sendmail) and those that want ssmtp can add it to
hydra's path themselves.
Signed-off-by: Shea Levy <shea@shealevy.com>