aboutsummaryrefslogtreecommitdiff
path: root/nixops/modules/websites/tools/ether/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixops/modules/websites/tools/ether/default.nix')
-rw-r--r--nixops/modules/websites/tools/ether/default.nix9
1 files changed, 6 insertions, 3 deletions
diff --git a/nixops/modules/websites/tools/ether/default.nix b/nixops/modules/websites/tools/ether/default.nix
index c4a9932..6d845ac 100644
--- a/nixops/modules/websites/tools/ether/default.nix
+++ b/nixops/modules/websites/tools/ether/default.nix
@@ -12,11 +12,12 @@ in {
12 }; 12 };
13 13
14 config = lib.mkIf cfg.enable { 14 config = lib.mkIf cfg.enable {
15 deployment.keys = etherpad.keys;
15 systemd.services.etherpad-lite = { 16 systemd.services.etherpad-lite = {
16 description = "Etherpad-lite"; 17 description = "Etherpad-lite";
17 wantedBy = [ "multi-user.target" ]; 18 wantedBy = [ "multi-user.target" ];
18 after = [ "network.target" "postgresql.service" ]; 19 after = [ "network.target" "postgresql.service" "tools-etherpad-key.service" ];
19 wants = [ "postgresql.service" ]; 20 wants = [ "postgresql.service" "tools-etherpad-key.service" ];
20 21
21 environment.NODE_ENV = "production"; 22 environment.NODE_ENV = "production";
22 environment.HOME = etherpad.webappDir; 23 environment.HOME = etherpad.webappDir;
@@ -25,13 +26,14 @@ in {
25 26
26 script = '' 27 script = ''
27 exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \ 28 exec ${pkgs.nodejs}/bin/node ${etherpad.webappDir}/src/node/server.js \
28 --settings ${etherpad.config} 29 --settings /run/keys/webapps/tools-etherpad
29 ''; 30 '';
30 31
31 serviceConfig = { 32 serviceConfig = {
32 DynamicUser = true; 33 DynamicUser = true;
33 User = "etherpad-lite"; 34 User = "etherpad-lite";
34 Group = "etherpad-lite"; 35 Group = "etherpad-lite";
36 SupplementaryGroups = "keys";
35 WorkingDirectory = etherpad.webappDir; 37 WorkingDirectory = etherpad.webappDir;
36 PrivateTmp = true; 38 PrivateTmp = true;
37 NoNewPrivileges = true; 39 NoNewPrivileges = true;
@@ -42,6 +44,7 @@ in {
42 Restart = "always"; 44 Restart = "always";
43 Type = "simple"; 45 Type = "simple";
44 TimeoutSec = 60; 46 TimeoutSec = 60;
47 ExecStartPre = "+${pkgs.coreutils}/bin/chown etherpad-lite:etherpad-lite /run/keys/webapps/tools-etherpad";
45 }; 48 };
46 }; 49 };
47 50
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-04 17:27:16 +0000