'';
};
# Output variables
+ systemdStateDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if varDir is outside of /var/lib
+ default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+ lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+ description = ''
+ Adjusted Diaspora data directory for systemd
+ '';
+ readOnly = true;
+ };
+ systemdRuntimeDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if socketsDir is outside of /run
+ default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+ lib.strings.removePrefix "/run/" cfg.socketsDir;
+ description = ''
+ Adjusted Diaspora sockets directory for systemd
+ '';
+ readOnly = true;
+ };
workdir = lib.mkOption {
type = lib.types.package;
default = cfg.package.override {
Restart = "always";
Type = "simple";
WorkingDirectory = cfg.workdir;
+ StateDirectory = cfg.systemdStateDirectory;
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
StandardInput = "null";
KillMode = "control-group";
};
system.activationScripts.diaspora = {
deps = [ "users" ];
text = ''
- install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
- install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} \
- ${cfg.dataDir}/uploads ${cfg.dataDir}/tmp \
- ${cfg.dataDir}/log
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/uploads \
+ ${cfg.dataDir}/tmp ${cfg.dataDir}/log
install -m 0700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/pids
if [ ! -f ${cfg.dataDir}/schedule.yml ]; then
echo "{}" | $wrapperDir/sudo -u ${cfg.user} tee ${cfg.dataDir}/schedule.yml
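Review bot: The activation script no longer creates `${cfg.dataDir}` owned by `${cfg.user}`, yet the retained `tee ${cfg.dataDir}/schedule.yml` still runs as that user during activation. `install -d` on the subdirectories creates a missing parent with default attributes (root-owned), and `StateDirectory=` only fixes ownership when the unit starts, which is after activation. On a fresh host the write would therefore presumably fail with a permission error. Seeding `schedule.yml` from the unit itself (for example in `preStart`) would run it after systemd has prepared the directory. The `if` block is closed outside the hunk.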
'';
readOnly = true;
};
+ systemdStateDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if varDir is outside of /var/lib
+ default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+ lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+ description = ''
+ Adjusted Mastodon data directory for systemd
+ '';
+ readOnly = true;
+ };
+ systemdRuntimeDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if socketsDir is outside of /run
+ default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+ lib.strings.removePrefix "/run/" cfg.socketsDir;
+ description = ''
+ Adjusted Mastodon sockets directory for systemd
+ '';
+ readOnly = true;
+ };
sockets = lib.mkOption {
type = lib.types.attrsOf lib.types.path;
default = {
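Review bot: The bare `assert` in the `default` of `systemdStateDirectory` and `systemdRuntimeDirectory` aborts evaluation without saying which option is wrong, so an operator who relocates `dataDir` or `socketsDir` gets an opaque failure. A module-level entry such as `assertions = [{ assertion = lib.strings.hasPrefix "/var/lib/" cfg.dataDir; message = "dataDir must be under /var/lib/ to be used as StateDirectory="; }];` would state the reason. The comment above the first assert also names `varDir` while the option being checked is `dataDir`. The same pattern recurs in the Diaspora and Mediagoblin option hunks and in the taskwarrior-web `serviceConfig` hunk.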
TimeoutSec = 15;
Type = "simple";
WorkingDirectory = cfg.workdir;
+ StateDirectory = cfg.systemdStateDirectory;
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ RuntimeDirectoryPreserve = "yes";
};
unitConfig.RequiresMountsFor = cfg.dataDir;
TimeoutSec = 60;
Type = "simple";
WorkingDirectory = cfg.workdir;
+ StateDirectory = cfg.systemdStateDirectory;
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ RuntimeDirectoryPreserve = "yes";
};
unitConfig.RequiresMountsFor = cfg.dataDir;
TimeoutSec = 15;
Type = "simple";
WorkingDirectory = cfg.workdir;
+ StateDirectory = cfg.systemdStateDirectory;
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ RuntimeDirectoryPreserve = "yes";
};
unitConfig.RequiresMountsFor = cfg.dataDir;
system.activationScripts.mastodon = {
deps = [ "users" ];
text = ''
- install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
- install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} ${cfg.dataDir}/tmp/cache
+ install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/cache
'';
};
'';
readOnly = true;
};
+ systemdStateDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if varDir is outside of /var/lib
+ default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+ lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+ description = ''
+ Adjusted Mediagoblin data directory for systemd
+ '';
+ readOnly = true;
+ };
+ systemdRuntimeDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if socketsDir is outside of /run
+ default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+ lib.strings.removePrefix "/run/" cfg.socketsDir;
+ description = ''
+ Adjusted Mediagoblin sockets directory for systemd
+ '';
+ readOnly = true;
+ };
sockets = lib.mkOption {
type = lib.types.attrsOf lib.types.path;
default = {
TimeoutSec = 15;
Type = "simple";
WorkingDirectory = cfg.workdir;
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ StateDirectory= cfg.systemdStateDirectory;
PIDFile = cfg.pids.paster;
};
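Review bot: `RuntimeDirectory` is set here without `RuntimeDirectoryPreserve`, unlike the Mastodon units in this commit that share one directory in the same way. With the default setting systemd removes the runtime directory when the unit stops. Stopping or restarting this unit would then delete sockets, and any PID file kept there, belonging to the other Mediagoblin unit in the next hunk, which uses the same `cfg.systemdRuntimeDirectory`. Adding `RuntimeDirectoryPreserve = "yes";` to both units would match the Mastodon change. Where `cfg.pids.paster` and `cfg.pids.celery` point is not visible here, so the PID-file part is an assumption.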
TimeoutSec = 60;
Type = "simple";
WorkingDirectory = cfg.workdir;
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ StateDirectory= cfg.systemdStateDirectory;
PIDFile = cfg.pids.celery;
};
system.activationScripts.mediagoblin = {
deps = [ "users" ];
text = ''
- install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
- install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
if [ -d ${cfg.dataDir}/plugin_static/ ]; then
rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
ln -sf ${cfg.workdir}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
deps = [ "users" "wrappers" ];
- text = ''
- install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
- install -m 0755 -o buildbot -g buildbot -d ${varDir}
- ${project.activationScript}
- '';
+ text = project.activationScript;
}) myconfig.env.buildbot.projects;
secrets.keys = (
Type = "forking";
User = "buildbot";
Group = "buildbot";
+ RuntimeDirectory = "buildbot";
+ RuntimeDirectoryPreserve = "yes";
+ StateDirectory = "buildbot";
SupplementaryGroups = "keys";
WorkingDirectory = "${varDir}/${project.name}";
ExecStart = "${buildbot}/bin/buildbot start";
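Review bot: `StateDirectory = "buildbot"` and `RuntimeDirectory = "buildbot"` are hard-coded while `WorkingDirectory` is still built from `varDir`, and the `install ... -d ${varDir}` line was dropped from the activation script in the previous hunk. If `varDir` is ever anything other than `/var/lib/buildbot`, nothing visible here creates it any more and the unit would likely fail to enter its working directory. The other modules in this commit guard the equivalent case with a prefix check; here that could be `StateDirectory = assert varDir == "/var/lib/buildbot"; "buildbot";`, or the value could be derived from `varDir`. The definition of `varDir` is outside the hunk.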
maxclients 1024
'';
};
- system.activationScripts.redis = ''
- mkdir -p $(dirname ${myconfig.env.databases.redis.socket})
- chown redis $(dirname ${myconfig.env.databases.redis.socket})
- '';
-
+ systemd.services.redis.serviceConfig.RuntimeDirectory =
+ assert myconfig.env.databases.redis.socket == "/run/redis/redis.sock";
+ "redis";
};
}
];
networking.firewall.allowedTCPPorts = [ 6600 ];
users.users.mpd.extraGroups = [ "wwwrun" "keys" ];
- system.activationScripts.mpd = ''
- install -d -m 0755 -o mpd -g mpd /run/mpd
- '';
+ systemd.services.mpd.serviceConfig.RuntimeDirectory = "mpd";
services.mpd = {
enable = true;
network.listenAddress = "any";
system.activationScripts.taskwarrior-web = {
deps = [ "users" ];
text = ''
- install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
- install -m 0750 -o ${user} -g ${group} -d ${varDir}
- ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
- (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
- env.taskwarrior-web
- )}
if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
TimeoutSec = 60;
Type = "simple";
WorkingDirectory = taskwarrior-web;
+ StateDirectoryMode = 0750;
+ StateDirectory = assert lib.strings.hasPrefix "/var/lib/" varDir;
+ (lib.strings.removePrefix "/var/lib/" varDir + "/${name}");
+ RuntimeDirectoryPreserve = "yes";
+ RuntimeDirectory = assert lib.strings.hasPrefix "/run/" socketsDir;
+ lib.strings.removePrefix "/run/" socketsDir;
};
unitConfig.RequiresMountsFor = varDir;
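Review bot: `StateDirectoryMode = 0750;` is a Nix integer, not an octal literal. Nix reads it as decimal 750, and it only yields the intended mode because systemd parses the rendered `750` as octal; `StateDirectoryMode = "0750";` makes the intent explicit. Separately, the removed activation script created `${varDir}` itself with mode 0750, whereas `StateDirectory=` applies the configured mode and ownership to the innermost directory only. On a fresh host the parent is therefore likely created with systemd's default mode, so confirm that is acceptable for the task data. The `serviceConfig` block starts outside the hunk.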