Use systemd RuntimeDirectory and StateDirectory entries to ensure runtime directory existence in apps

4 files changed, 14 insertions, 19 deletions

diff --git a/nixops/modules/buildbot/default.nix b/nixops/modules/buildbot/default.nix
index d7dd479..c812af9 100644
--- a/nixops/modules/buildbot/default.nix
+++ b/nixops/modules/buildbot/default.nix
@@ -61,11 +61,7 @@ in
 
     system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
       deps = [ "users" "wrappers" ];
-      text = ''
-      install -m 0755 -o buildbot -g buildbot -d /run/buildbot/
-      install -m 0755 -o buildbot -g buildbot -d ${varDir}
-      ${project.activationScript}
-      '';
+      text = project.activationScript;
     }) myconfig.env.buildbot.projects;
 
     secrets.keys = (
@@ -190,6 +186,9 @@ in
         Type = "forking";
         User = "buildbot";
         Group = "buildbot";
+        RuntimeDirectory = "buildbot";
+        RuntimeDirectoryPreserve = "yes";
+        StateDirectory = "buildbot";
         SupplementaryGroups = "keys";
         WorkingDirectory = "${varDir}/${project.name}";
         ExecStart = "${buildbot}/bin/buildbot start";
diff --git a/nixops/modules/databases/redis.nix b/nixops/modules/databases/redis.nix
index a0917df..75c69a6 100644
--- a/nixops/modules/databases/redis.nix
+++ b/nixops/modules/databases/redis.nix
@@ -27,11 +27,9 @@ in {
         maxclients 1024
         '';
     };
-    system.activationScripts.redis = ''
-      mkdir -p $(dirname ${myconfig.env.databases.redis.socket})
-      chown redis $(dirname ${myconfig.env.databases.redis.socket})
-    '';
-
+    systemd.services.redis.serviceConfig.RuntimeDirectory =
+      assert myconfig.env.databases.redis.socket == "/run/redis/redis.sock";
+      "redis";
   };
 }
 
diff --git a/nixops/modules/mpd.nix b/nixops/modules/mpd.nix
index bc8b8df..9903bdf 100644
--- a/nixops/modules/mpd.nix
+++ b/nixops/modules/mpd.nix
@@ -19,9 +19,7 @@
     ];
     networking.firewall.allowedTCPPorts = [ 6600 ];
     users.users.mpd.extraGroups = [ "wwwrun" "keys" ];
-    system.activationScripts.mpd = ''
-      install -d -m 0755 -o mpd -g mpd /run/mpd
-      '';
+    systemd.services.mpd.serviceConfig.RuntimeDirectory = "mpd";
     services.mpd = {
       enable = true;
       network.listenAddress = "any";
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index 8454c4b..8370608 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -245,12 +245,6 @@ in {
     system.activationScripts.taskwarrior-web = {
       deps = [ "users" ];
       text = ''
-        install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
-        install -m 0750 -o ${user} -g ${group} -d ${varDir}
-        ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
-          (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
-          env.taskwarrior-web
-        )}
         if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
           ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
           chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
@@ -315,6 +309,12 @@ in {
           TimeoutSec = 60;
           Type = "simple";
           WorkingDirectory = taskwarrior-web;
+          StateDirectoryMode = 0750;
+          StateDirectory = assert lib.strings.hasPrefix "/var/lib/" varDir;
+            (lib.strings.removePrefix "/var/lib/" varDir + "/${name}");
+          RuntimeDirectoryPreserve = "yes";
+          RuntimeDirectory = assert lib.strings.hasPrefix "/run/" socketsDir;
+            lib.strings.removePrefix "/run/" socketsDir;
         };
 
         unitConfig.RequiresMountsFor = varDir;