From 0e90a05a526be87ecf8c3d8d3849bd42d1cd4539 Mon Sep 17 00:00:00 2001
From: Rodney Lorrimar <dev@rodney.id.au>
Date: Sun, 23 Apr 2017 15:02:08 +0100
Subject: [PATCH] gogs service: generate the secret key only once, then reuse

---
 nixos/modules/services/misc/gogs.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/misc/gogs.nix b/nixos/modules/services/misc/gogs.nix
index 76e6254856b9..e966a50b9ec9 100644
--- a/nixos/modules/services/misc/gogs.nix
+++ b/nixos/modules/services/misc/gogs.nix
@@ -180,17 +180,23 @@ in
 
       preStart = let
         runConfig = "${cfg.stateDir}/custom/conf/app.ini";
+        secretKey = "${cfg.stateDir}/custom/conf/secret_key";
       in ''
         # copy custom configuration and generate a random secret key if needed
         ${optionalString (cfg.useWizard == false) ''
           mkdir -p ${cfg.stateDir}/custom/conf
           cp -f ${configFile} ${runConfig}
-          KEY=$(head -c 16 /dev/urandom | base64)
+
+          if [ ! -e ${secretKey} ]; then
+              head -c 16 /dev/urandom | base64 > ${secretKey}
+          fi
+
+          KEY=$(head -n1 ${secretKey})
           DBPASS=$(head -n1 ${cfg.database.passwordFile})
           sed -e "s,#secretkey#,$KEY,g" \
               -e "s,#dbpass#,$DBPASS,g" \
               -i ${runConfig}
-          chmod 440 ${runConfig}
+          chmod 440 ${runConfig} ${secretKey}
         ''}
 
         mkdir -p ${cfg.repositoryRoot}