Use systemd RuntimeDirectory and StateDirectory entries to ensure runtime directory existence in apps

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-12 14:33:46 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-12 14:33:46 +0200
commit: 81b9ff8980a9a235b8915b5779ebc1d2a738a9a3 (patch)
tree: cd9d52274331a37f58048c836f8cf015e1f78c83 /modules/webapps
parent: b92abb02739e04df9996f31dd4f30c793b190c7a (diff)
download: Nix-81b9ff8980a9a235b8915b5779ebc1d2a738a9a3.tar.gz
Nix-81b9ff8980a9a235b8915b5779ebc1d2a738a9a3.tar.zst
Nix-81b9ff8980a9a235b8915b5779ebc1d2a738a9a3.zip
3 files changed, 78 insertions, 8 deletions
diff --git a/modules/webapps/diaspora.nix b/modules/webapps/diaspora.nix
index 8451c6d..2266332 100644
--- a/modules/webapps/diaspora.nix
+++ b/modules/webapps/diaspora.nix
@@ -52,6 +52,26 @@ in
        '';
    };
    # Output variables
+    systemdStateDirectory = lib.mkOption {
+      type = lib.types.str;
+      # Use ReadWritePaths= instead if varDir is outside of /var/lib
+      default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+        lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+      description = ''
+      Adjusted Diaspora data directory for systemd
+      '';
+      readOnly = true;
+    };
+    systemdRuntimeDirectory = lib.mkOption {
+      type = lib.types.str;
+      # Use ReadWritePaths= instead if socketsDir is outside of /run
+      default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+        lib.strings.removePrefix "/run/" cfg.socketsDir;
+      description = ''
+      Adjusted Diaspora sockets directory for systemd
+      '';
+      readOnly = true;
+    };
    workdir = lib.mkOption {
      type = lib.types.package;
      default = cfg.package.override {
@@ -134,6 +154,8 @@ in
        Restart = "always";
        Type = "simple";
        WorkingDirectory = cfg.workdir;
+        StateDirectory = cfg.systemdStateDirectory;
+        RuntimeDirectory = cfg.systemdRuntimeDirectory;
        StandardInput = "null";
        KillMode = "control-group";
      };
@@ -144,10 +166,8 @@ in
    system.activationScripts.diaspora = {
      deps = [ "users" ];
      text = ''
-      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
+      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/uploads \
-      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} \
+        ${cfg.dataDir}/tmp ${cfg.dataDir}/log
-        ${cfg.dataDir}/uploads ${cfg.dataDir}/tmp \
-        ${cfg.dataDir}/log
      install -m 0700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/pids
      if [ ! -f ${cfg.dataDir}/schedule.yml ]; then
        echo "{}" | $wrapperDir/sudo -u ${cfg.user} tee ${cfg.dataDir}/schedule.yml
diff --git a/modules/webapps/mastodon.nix b/modules/webapps/mastodon.nix
index ad6d0c3..f8fbcba 100644
--- a/modules/webapps/mastodon.nix
+++ b/modules/webapps/mastodon.nix
@@ -62,6 +62,26 @@ in
      '';
      readOnly = true;
    };
+    systemdStateDirectory = lib.mkOption {
+      type = lib.types.str;
+      # Use ReadWritePaths= instead if varDir is outside of /var/lib
+      default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+        lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+      description = ''
+      Adjusted Mastodon data directory for systemd
+      '';
+      readOnly = true;
+    };
+    systemdRuntimeDirectory = lib.mkOption {
+      type = lib.types.str;
+      # Use ReadWritePaths= instead if socketsDir is outside of /run
+      default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+        lib.strings.removePrefix "/run/" cfg.socketsDir;
+      description = ''
+      Adjusted Mastodon sockets directory for systemd
+      '';
+      readOnly = true;
+    };
    sockets = lib.mkOption {
      type = lib.types.attrsOf lib.types.path;
      default = {
@@ -122,6 +142,9 @@ in
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = cfg.workdir;
+        StateDirectory = cfg.systemdStateDirectory;
+        RuntimeDirectory = cfg.systemdRuntimeDirectory;
+        RuntimeDirectoryPreserve = "yes";
      };
      unitConfig.RequiresMountsFor = cfg.dataDir;
@@ -155,6 +178,9 @@ in
        TimeoutSec = 60;
        Type = "simple";
        WorkingDirectory = cfg.workdir;
+        StateDirectory = cfg.systemdStateDirectory;
+        RuntimeDirectory = cfg.systemdRuntimeDirectory;
+        RuntimeDirectoryPreserve = "yes";
      };
      unitConfig.RequiresMountsFor = cfg.dataDir;
@@ -184,6 +210,9 @@ in
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = cfg.workdir;
+        StateDirectory = cfg.systemdStateDirectory;
+        RuntimeDirectory = cfg.systemdRuntimeDirectory;
+        RuntimeDirectoryPreserve = "yes";
      };
      unitConfig.RequiresMountsFor = cfg.dataDir;
@@ -192,8 +221,7 @@ in
    system.activationScripts.mastodon = {
      deps = [ "users" ];
      text = ''
-      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
+      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}/tmp/cache
-      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir} ${cfg.dataDir}/tmp/cache
      '';
    };
diff --git a/modules/webapps/mediagoblin.nix b/modules/webapps/mediagoblin.nix
index 0232aab..5753457 100644
--- a/modules/webapps/mediagoblin.nix
+++ b/modules/webapps/mediagoblin.nix
@@ -107,6 +107,26 @@ in
      '';
      readOnly = true;
    };
+    systemdStateDirectory = lib.mkOption {
+      type = lib.types.str;
+      # Use ReadWritePaths= instead if varDir is outside of /var/lib
+      default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+        lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+      description = ''
+      Adjusted Mediagoblin data directory for systemd
+      '';
+      readOnly = true;
+    };
+    systemdRuntimeDirectory = lib.mkOption {
+      type = lib.types.str;
+      # Use ReadWritePaths= instead if socketsDir is outside of /run
+      default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+        lib.strings.removePrefix "/run/" cfg.socketsDir;
+      description = ''
+      Adjusted Mediagoblin sockets directory for systemd
+      '';
+      readOnly = true;
+    };
    sockets = lib.mkOption {
      type = lib.types.attrsOf lib.types.path;
      default = {
@@ -173,6 +193,8 @@ in
        TimeoutSec = 15;
        Type = "simple";
        WorkingDirectory = cfg.workdir;
+        RuntimeDirectory = cfg.systemdRuntimeDirectory;
+        StateDirectory= cfg.systemdStateDirectory;
        PIDFile = cfg.pids.paster;
      };
@@ -200,6 +222,8 @@ in
        TimeoutSec = 60;
        Type = "simple";
        WorkingDirectory = cfg.workdir;
+        RuntimeDirectory = cfg.systemdRuntimeDirectory;
+        StateDirectory= cfg.systemdStateDirectory;
        PIDFile = cfg.pids.celery;
      };
@@ -209,8 +233,6 @@ in
    system.activationScripts.mediagoblin = {
      deps = [ "users" ];
      text = ''
-      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.socketsDir}
-      install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
      if [ -d ${cfg.dataDir}/plugin_static/ ]; then
        rm ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
        ln -sf ${cfg.workdir}/mediagoblin/plugins/basic_auth/static ${cfg.dataDir}/plugin_static/coreplugin_basic_auth
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-12 14:33:46 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-12 14:33:46 +0200
commit	81b9ff8980a9a235b8915b5779ebc1d2a738a9a3 (patch)
tree	cd9d52274331a37f58048c836f8cf015e1f78c83 /modules/webapps
parent	b92abb02739e04df9996f31dd4f30c793b190c7a (diff)
download	Nix-81b9ff8980a9a235b8915b5779ebc1d2a738a9a3.tar.gz Nix-81b9ff8980a9a235b8915b5779ebc1d2a738a9a3.tar.zst Nix-81b9ff8980a9a235b8915b5779ebc1d2a738a9a3.zip