Peertube package to use.
'';
};
+ # Output variables
+ systemdStateDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if varDir is outside of /var/lib
+ default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+ lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+ description = ''
+ Adjusted Peertube data directory for systemd
+ '';
+ readOnly = true;
+ };
};
config = lib.mkIf cfg.enable {
- users.users = lib.optionalAttrs (cfg.user == name) (lib.singleton {
- inherit name;
- inherit uid;
- group = cfg.group;
- description = "Peertube user";
- home = cfg.dataDir;
- useDefaultShell = true;
- });
- users.groups = lib.optionalAttrs (cfg.group == name) (lib.singleton {
- inherit name;
- inherit gid;
- });
+ users.users = lib.optionalAttrs (cfg.user == name) {
+ "${name}" = {
+ inherit uid;
+ group = cfg.group;
+ description = "Peertube user";
+ home = cfg.dataDir;
+ useDefaultShell = true;
+ };
+ };
+ users.groups = lib.optionalAttrs (cfg.group == name) {
+ "${name}" = {
+ inherit gid;
+ };
+ };
systemd.services.peertube = {
description = "Peertube";
path = [ pkgs.nodejs pkgs.bashInteractive pkgs.ffmpeg pkgs.openssl ];
script = ''
+ install -m 0750 -d ${cfg.dataDir}/config
+ ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
+ ln -sf ${cfg.package}/config/default.yaml ${cfg.dataDir}/config/default.yaml
exec npm run start
'';
User = cfg.user;
Group = cfg.group;
WorkingDirectory = cfg.package;
+ StateDirectory = cfg.systemdStateDirectory;
+ StateDirectoryMode = 0750;
PrivateTmp = true;
ProtectHome = true;
ProtectControlGroups = true;
unitConfig.RequiresMountsFor = cfg.dataDir;
};
-
- system.activationScripts.peertube = {
- deps = [ "users" ];
- text = ''
- install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
- install -m 0750 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/config
- ln -sf ${cfg.configFile} ${cfg.dataDir}/config/production.yaml
- '';
- };
-
};
}
projects / perso / Immae / Config / Nix.git / blobdiff