config = lib.mkIf cfg.enable {
nixpkgs.overlays = [ self.overlay ];
+ systemd.services.etherpad-lite-cleanup = {
+ description = "Etherpad-lite cleanup old mypads";
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_ENV = "production";
+ environment.HOME = cfg.workdir;
+
+ path = [ cfg.workdir.nodejs ];
+
+ script = ''
+ exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/node_modules/ep_mypads/scripts/mypads-jobqueue-minion.js \
+ --settings ${cfg.configFile} \
+ --oneshot
+ '';
+
+ serviceConfig = {
+ DynamicUser = true;
+ User = cfg.user;
+ Group = cfg.group;
+ WorkingDirectory = "%T";
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ Type = "oneshot";
+ };
+ };
systemd.services.etherpad-lite = {
description = "Etherpad-lite";
wantedBy = [ "multi-user.target" ];
RuntimeDirectory = cfg.systemdRuntimeDirectory;
StateDirectory= cfg.systemdStateDirectory;
ExecStartPre = [
- "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized"
+ "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/var ${cfg.dataDir}/ep_initialized"
"+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
];
};
projects / perso / Immae / Config / Nix.git / blobdiff