author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-12 14:33:46 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-12 14:33:46 +0200 |
commit | 81b9ff8980a9a235b8915b5779ebc1d2a738a9a3 (patch) | |
tree | cd9d52274331a37f58048c836f8cf015e1f78c83 /modules/webapps | |
parent | b92abb02739e04df9996f31dd4f30c793b190c7a (diff) | |
Use systemd RuntimeDirectory and StateDirectory entries to ensure runtime directory existence in apps
Diffstat (limited to 'modules/webapps')
-rw-r--r-- | modules/webapps/diaspora.nix | 28 | ||||
-rw-r--r-- | modules/webapps/mastodon.nix | 32 | ||||
-rw-r--r-- | modules/webapps/mediagoblin.nix | 26 |
3 files changed, 78 insertions, 8 deletions
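--- a/modules/webapps/diaspora.nix
+++ b/modules/webapps/diaspora.nix
@@ -52,6 +52,26 @@ in
 '';
 };
 # Output variables
+systemdStateDirectory = lib.mkOption {
+type = lib.types.str;
+# Use ReadWritePaths= instead if varDir is outside of /var/lib
+default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+description = ''
+Adjusted Diaspora data directory for systemd
+'';
+readOnly = true;
+};
+systemdRuntimeDirectory = lib.mkOption {
+type = lib.types.str;
+# Use ReadWritePaths= instead if socketsDir is outside of /run
+default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+lib.strings.removePrefix "/run/" cfg.socketsDir;
+description = ''
+Adjusted Diaspora sockets directory for systemd
+'';
+readOnly = true;
+};
 workdir = lib.mkOption {
 type = lib.types.package;
 default = cfg.package.override {
@@ -134,6 +154,8 @@ in
 Restart = "always";
 Type = "simple";
 WorkingDirectory = cfg.workdir;
+StateDirectory = cfg.systemdStateDirectory;
+RuntimeDirectory = cfg.systemdRuntimeDirectory;
 StandardInput = "null";
 KillMode = "control-group";
 };
@@ -144,10 +166,8 @@ in
 system.activationScripts.diaspora = {
 deps = [ "users" ];
 text = ''
-install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
-install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} \
-${cfg.dataDir}/uploads ${cfg.dataDir}/tmp \
-${cfg.dataDir}/log
+install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/uploads \
+${cfg.dataDir}/tmp ${cfg.dataDir}/log
 install -m 0700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/pids
 if [ ! -f ${cfg.dataDir}/schedule.yml ]; then
 echo "{}" | $wrapperDir/sudo -u ${cfg.user} tee ${cfg.dataDir}/schedule.yml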
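Review bot: In the `system.activationScripts.diaspora` hunk, `${cfg.dataDir}` itself is no longer created explicitly, yet the script still runs `install … -d ${cfg.dataDir}/uploads` and then writes `${cfg.dataDir}/schedule.yml` as `${cfg.user}`. Activation scripts presumably run before systemd has started the unit and created the StateDirectory, so on a fresh host `install -d` would create the missing parent with default (root) ownership and the `sudo -u ${cfg.user} tee` step could fail until the service has started once. Keeping `${cfg.dataDir}` as the first argument of the `install -m 0755 … -d` line, or moving this setup into the unit's pre-start step, removes the dependency on that ordering. The same applies to the `install … -d ${cfg.dataDir}/tmp/cache` line in the mastodon.nix activation script; the `text` block here continues outside the hunk.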
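--- a/modules/webapps/mastodon.nix
+++ b/modules/webapps/mastodon.nix
@@ -62,6 +62,26 @@ in
 '';
 readOnly = true;
 };
+systemdStateDirectory = lib.mkOption {
+type = lib.types.str;
+# Use ReadWritePaths= instead if varDir is outside of /var/lib
+default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+description = ''
+Adjusted Mastodon data directory for systemd
+'';
+readOnly = true;
+};
+systemdRuntimeDirectory = lib.mkOption {
+type = lib.types.str;
+# Use ReadWritePaths= instead if socketsDir is outside of /run
+default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+lib.strings.removePrefix "/run/" cfg.socketsDir;
+description = ''
+Adjusted Mastodon sockets directory for systemd
+'';
+readOnly = true;
+};
 sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
 default = {
@@ -122,6 +142,9 @@ in
 TimeoutSec = 15;
 Type = "simple";
 WorkingDirectory = cfg.workdir;
+StateDirectory = cfg.systemdStateDirectory;
+RuntimeDirectory = cfg.systemdRuntimeDirectory;
+RuntimeDirectoryPreserve = "yes";
 };
 
 unitConfig.RequiresMountsFor = cfg.dataDir;
@@ -155,6 +178,9 @@ in
 TimeoutSec = 60;
 Type = "simple";
 WorkingDirectory = cfg.workdir;
+StateDirectory = cfg.systemdStateDirectory;
+RuntimeDirectory = cfg.systemdRuntimeDirectory;
+RuntimeDirectoryPreserve = "yes";
 };
 
 unitConfig.RequiresMountsFor = cfg.dataDir;
@@ -184,6 +210,9 @@ in
 TimeoutSec = 15;
 Type = "simple";
 WorkingDirectory = cfg.workdir;
+StateDirectory = cfg.systemdStateDirectory;
+RuntimeDirectory = cfg.systemdRuntimeDirectory;
+RuntimeDirectoryPreserve = "yes";
 };
 
 unitConfig.RequiresMountsFor = cfg.dataDir;
@@ -192,8 +221,7 @@ in
 system.activationScripts.mastodon = {
 deps = [ "users" ];
 text = ''
-install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
-install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} ${cfg.dataDir}/tmp/cache
+install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/cache
 '';
 };
 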
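Review bot: The `default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;` and `default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;` lines of the two new options abort evaluation with a bare assertion failure when a directory lies elsewhere, and the comment above the first says `varDir` although the option tested is `cfg.dataDir`. A message would tell the operator what to change, for example `assert lib.assertMsg (lib.strings.hasPrefix "/var/lib/" cfg.dataDir) "dataDir must be under /var/lib to be managed through StateDirectory=";`, and the comment would read `# Use ReadWritePaths= instead if dataDir is outside of /var/lib`. The same two option definitions are repeated in diaspora.nix and mediagoblin.nix.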
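--- a/modules/webapps/mediagoblin.nix
+++ b/modules/webapps/mediagoblin.nix
@@ -107,6 +107,26 @@ in
 '';
 readOnly = true;
 };
+systemdStateDirectory = lib.mkOption {
+type = lib.types.str;
+# Use ReadWritePaths= instead if varDir is outside of /var/lib
+default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+description = ''
+Adjusted Mediagoblin data directory for systemd
+'';
+readOnly = true;
+};
+systemdRuntimeDirectory = lib.mkOption {
+type = lib.types.str;
+# Use ReadWritePaths= instead if socketsDir is outside of /run
+default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+lib.strings.removePrefix "/run/" cfg.socketsDir;
+description = ''
+Adjusted Mediagoblin sockets directory for systemd
+'';
+readOnly = true;
+};
 sockets = lib.mkOption {
 type = lib.types.attrsOf lib.types.path;
 default = {
@@ -173,6 +193,8 @@ in
 TimeoutSec = 15;
 Type = "simple";
 WorkingDirectory = cfg.workdir;
+RuntimeDirectory = cfg.systemdRuntimeDirectory;
+StateDirectory= cfg.systemdStateDirectory;
 PIDFile = cfg.pids.paster;
 };
 
@@ -200,6 +222,8 @@ in
 TimeoutSec = 60;
 Type = "simple";
 WorkingDirectory = cfg.workdir;
+RuntimeDirectory = cfg.systemdRuntimeDirectory;
+StateDirectory= cfg.systemdStateDirectory;
 PIDFile = cfg.pids.celery;
 };
 
@@ -209,8 +233,6 @@ in
 system.activationScripts.mediagoblin = {
 deps = [ "users" ];
 text = ''
-install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
-install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
 if [ -d ${cfg.dataDir}/plugin_static/ ]; then
 rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
 ln -sf ${cfg.workdir}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth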
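Review bot: The two units with `PIDFile = cfg.pids.paster` and `PIDFile = cfg.pids.celery` now declare the same `RuntimeDirectory`, but without the `RuntimeDirectoryPreserve = "yes";` that mastodon.nix sets on its units in this commit. With the systemd default the runtime directory is removed when a unit stops, so stopping or restarting one of the two would also remove whatever the other keeps under `cfg.socketsDir`. Adding `RuntimeDirectoryPreserve = "yes";` next to each `RuntimeDirectory = cfg.systemdRuntimeDirectory;` line keeps the shared directory in place. Both `serviceConfig` blocks start outside their hunks.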