-{ lib, pkgs, config, myconfig, mylibs, ... }:
+{ lib, pkgs, config, myconfig, ... }:
let
cfg = config.services.myTasks;
server_vardir = config.services.taskserver.dataDir;
};
config = lib.mkIf cfg.enable {
- mySecrets.keys = [{
+ secrets.keys = [{
dest = "webapps/tools-taskwarrior-web";
user = "wwwrun";
group = "wwwrun";
system.activationScripts.taskwarrior-web = {
deps = [ "users" ];
text = ''
- install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
- install -m 0750 -o ${user} -g ${group} -d ${varDir}
- ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
- (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
- env.taskwarrior-web
- )}
if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
TimeoutSec = 60;
Type = "simple";
WorkingDirectory = taskwarrior-web;
+ StateDirectoryMode = 0750;
+ StateDirectory = assert lib.strings.hasPrefix "/var/lib/" varDir;
+ (lib.strings.removePrefix "/var/lib/" varDir + "/${name}");
+ RuntimeDirectoryPreserve = "yes";
+ RuntimeDirectory = assert lib.strings.hasPrefix "/run/" socketsDir;
+ lib.strings.removePrefix "/run/" socketsDir;
};
unitConfig.RequiresMountsFor = varDir;