Merge pull request #59389 from aanderse/issue/53853-1
replace deprecated usage of PermissionsStartOnly (part 1)
commit
3464b50c61
|
@ -179,11 +179,11 @@ in {
|
||||||
} // optionalAttrs (cfg.config != "") { RABBITMQ_ADVANCED_CONFIG_FILE = advanced_config_file; };
|
} // optionalAttrs (cfg.config != "") { RABBITMQ_ADVANCED_CONFIG_FILE = advanced_config_file; };
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly = true; # preStart must be run as root
|
|
||||||
ExecStart = "${cfg.package}/sbin/rabbitmq-server";
|
ExecStart = "${cfg.package}/sbin/rabbitmq-server";
|
||||||
ExecStop = "${cfg.package}/sbin/rabbitmqctl shutdown";
|
ExecStop = "${cfg.package}/sbin/rabbitmqctl shutdown";
|
||||||
User = "rabbitmq";
|
User = "rabbitmq";
|
||||||
Group = "rabbitmq";
|
Group = "rabbitmq";
|
||||||
|
LogsDirectory = "rabbitmq";
|
||||||
WorkingDirectory = cfg.dataDir;
|
WorkingDirectory = cfg.dataDir;
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
NotifyAccess = "all";
|
NotifyAccess = "all";
|
||||||
|
@ -197,11 +197,8 @@ in {
|
||||||
preStart = ''
|
preStart = ''
|
||||||
${optionalString (cfg.cookie != "") ''
|
${optionalString (cfg.cookie != "") ''
|
||||||
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
|
echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie
|
||||||
chown rabbitmq:rabbitmq ${cfg.dataDir}/.erlang.cookie
|
|
||||||
chmod 600 ${cfg.dataDir}/.erlang.cookie
|
chmod 600 ${cfg.dataDir}/.erlang.cookie
|
||||||
''}
|
''}
|
||||||
mkdir -p /var/log/rabbitmq
|
|
||||||
chown rabbitmq:rabbitmq /var/log/rabbitmq
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
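Review bot: In the `preStart` of the second hunk the cookie file is still created by `echo -n ${cfg.cookie} > ${cfg.dataDir}/.erlang.cookie` and only restricted afterwards by `chmod 600`, so it briefly exists with whatever mode the unit's umask allows. Now that the script runs as `rabbitmq` rather than root, putting `umask 077` before the write would close that window. The value is also interpolated unquoted into the generated script, so the cookie presumably lands in the world-readable Nix store and any shell metacharacters in it are interpreted by the shell. A note on the option saying so would help. The service definition continues outside this hunk.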
||||||
|
|
|
@ -14,15 +14,10 @@ let
|
||||||
description = "${name} liquidsoap stream";
|
description = "${name} liquidsoap stream";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = [ pkgs.wget ];
|
path = [ pkgs.wget ];
|
||||||
preStart =
|
|
||||||
''
|
|
||||||
mkdir -p /var/log/liquidsoap
|
|
||||||
chown liquidsoap -R /var/log/liquidsoap
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly="true";
|
|
||||||
ExecStart = "${pkgs.liquidsoap}/bin/liquidsoap ${stream}";
|
ExecStart = "${pkgs.liquidsoap}/bin/liquidsoap ${stream}";
|
||||||
User = "liquidsoap";
|
User = "liquidsoap";
|
||||||
|
LogsDirectory = "liquidsoap";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -158,18 +158,18 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d '${cfg.playlistDirectory}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.mpd = {
|
systemd.services.mpd = {
|
||||||
after = [ "network.target" "sound.target" ];
|
after = [ "network.target" "sound.target" ];
|
||||||
description = "Music Player Daemon";
|
description = "Music Player Daemon";
|
||||||
wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
|
wantedBy = optional (!cfg.startWhenNeeded) "multi-user.target";
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
mkdir -p "${cfg.dataDir}" && chown -R ${cfg.user}:${cfg.group} "${cfg.dataDir}"
|
|
||||||
mkdir -p "${cfg.playlistDirectory}" && chown -R ${cfg.user}:${cfg.group} "${cfg.playlistDirectory}"
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "${cfg.user}";
|
User = "${cfg.user}";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdConf}";
|
ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdConf}";
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
LimitRTPRIO = 50;
|
LimitRTPRIO = 50;
|
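Review bot: The new `systemd.tmpfiles.rules` entries use type `d`, which sets owner and group on the directory itself only, while the removed `preStart` ran `chown -R` over `cfg.dataDir` and `cfg.playlistDirectory` on every start. Existing files left with another owner (for example after `cfg.user` is changed) are no longer corrected, and with mode `-` the directories get the tmpfiles default mode. If that is intended, a comment such as `# ownership of existing contents is not adjusted; see tmpfiles.d(5) type Z` above the rules would record it. The same trade-off applies to the later sections of this commit that replace `chown -R` with a `d` rule (the `cfg.location` backup rule, collectd, jackett, radarr, sonarr).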
||||||
|
|
|
@ -117,14 +117,12 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
};
|
};
|
||||||
preStart = ''
|
|
||||||
mkdir -m 0700 -p ${cfg.location}
|
|
||||||
chown -R ${cfg.user} ${cfg.location}
|
|
||||||
'';
|
|
||||||
script = backupScript;
|
script = backupScript;
|
||||||
};
|
};
|
||||||
|
tmpfiles.rules = [
|
||||||
|
"d ${cfg.location} 0700 ${cfg.user} - - -"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
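Review bot: The added rule `"d ${cfg.location} 0700 ${cfg.user} - - -"` leaves the path unquoted, unlike the other tmpfiles rules added in this commit, which write `'${cfg.dataDir}'`. A location containing whitespace would be split into separate fields, so the line would be rejected or misread. Suggest `"d '${cfg.location}' 0700 ${cfg.user} - - -"`. The enclosing attribute set starts outside this hunk.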
||||||
|
|
|
@ -14,11 +14,6 @@ let
|
||||||
|
|
||||||
requires = [ "postgresql.service" ];
|
requires = [ "postgresql.service" ];
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
mkdir -m 0700 -p ${cfg.location}
|
|
||||||
chown postgres ${cfg.location}
|
|
||||||
'';
|
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
umask 0077 # ensure backup is only readable by postgres user
|
umask 0077 # ensure backup is only readable by postgres user
|
||||||
|
|
||||||
|
@ -32,7 +27,6 @@ let
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
PermissionsStartOnly = "true";
|
|
||||||
User = "postgres";
|
User = "postgres";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -107,6 +101,11 @@ in {
|
||||||
message = "config.services.postgresqlBackup.backupAll cannot be used together with config.services.postgresqlBackup.databases";
|
message = "config.services.postgresqlBackup.backupAll cannot be used together with config.services.postgresqlBackup.databases";
|
||||||
}];
|
}];
|
||||||
}
|
}
|
||||||
|
(mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.location}' 0700 postgres - - -"
|
||||||
|
];
|
||||||
|
})
|
||||||
(mkIf (cfg.enable && cfg.backupAll) {
|
(mkIf (cfg.enable && cfg.backupAll) {
|
||||||
systemd.services.postgresqlBackup =
|
systemd.services.postgresqlBackup =
|
||||||
postgresqlBackupService "all" "${config.services.postgresql.package}/bin/pg_dumpall";
|
postgresqlBackupService "all" "${config.services.postgresql.package}/bin/pg_dumpall";
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.clickhouse;
|
cfg = config.services.clickhouse;
|
||||||
confDir = "/etc/clickhouse-server";
|
|
||||||
stateDir = "/var/lib/clickhouse";
|
|
||||||
in
|
in
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
@ -43,20 +41,13 @@ with lib;
|
||||||
|
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
mkdir -p ${stateDir}
|
|
||||||
chown clickhouse:clickhouse ${confDir} ${stateDir}
|
|
||||||
'';
|
|
||||||
|
|
||||||
script = ''
|
|
||||||
cd "${confDir}"
|
|
||||||
exec ${pkgs.clickhouse}/bin/clickhouse-server
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "clickhouse";
|
User = "clickhouse";
|
||||||
Group = "clickhouse";
|
Group = "clickhouse";
|
||||||
PermissionsStartOnly = true;
|
ConfigurationDirectory = "clickhouse-server";
|
||||||
|
StateDirectory = "clickhouse";
|
||||||
|
LogsDirectory = "clickhouse";
|
||||||
|
ExecStart = "${pkgs.clickhouse}/bin/clickhouse-server --config-file=${pkgs.clickhouse}/etc/clickhouse-server/config.xml";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
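Review bot: `ConfigurationDirectory = "clickhouse-server"` is not equivalent to the removed `chown clickhouse:clickhouse ${confDir}`: unlike `StateDirectory` and `LogsDirectory`, systemd does not hand the configuration directory to `User=`/`Group=`. That is the safer outcome, since the service can no longer rewrite its own configuration directory, but it is a silent behaviour change, as is dropping the `cd "${confDir}"` before the server starts. A comment on the new lines, e.g. `# /etc/clickhouse-server stays root-owned; config.xml is read from the package`, would mark both as intentional. Whether the packaged `config.xml` relies on the old working directory or on a log path other than `/var/log/clickhouse` cannot be seen from this hunk and is worth confirming.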
||||||
|
|
|
@ -158,27 +158,21 @@ in {
|
||||||
services.couchdb.configFile = mkDefault
|
services.couchdb.configFile = mkDefault
|
||||||
(if useVersion2 then "/var/lib/couchdb/local.ini" else "/var/lib/couchdb/couchdb.ini");
|
(if useVersion2 then "/var/lib/couchdb/local.ini" else "/var/lib/couchdb/couchdb.ini");
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${dirOf cfg.uriFile}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d '${dirOf cfg.logFile}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d '${cfg.databaseDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d '${cfg.viewIndexDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.couchdb = {
|
systemd.services.couchdb = {
|
||||||
description = "CouchDB Server";
|
description = "CouchDB Server";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
preStart =
|
preStart =
|
||||||
''
|
''
|
||||||
mkdir -p `dirname ${cfg.uriFile}`;
|
|
||||||
mkdir -p `dirname ${cfg.logFile}`;
|
|
||||||
mkdir -p ${cfg.databaseDir};
|
|
||||||
mkdir -p ${cfg.viewIndexDir};
|
|
||||||
touch ${cfg.configFile}
|
touch ${cfg.configFile}
|
||||||
touch -a ${cfg.logFile}
|
touch -a ${cfg.logFile}
|
||||||
|
|
||||||
if [ "$(id -u)" = 0 ]; then
|
|
||||||
chown ${cfg.user}:${cfg.group} `dirname ${cfg.uriFile}`;
|
|
||||||
(test -f ${cfg.uriFile} && chown ${cfg.user}:${cfg.group} ${cfg.uriFile}) || true
|
|
||||||
chown ${cfg.user}:${cfg.group} ${cfg.databaseDir}
|
|
||||||
chown ${cfg.user}:${cfg.group} ${cfg.viewIndexDir}
|
|
||||||
chown ${cfg.user}:${cfg.group} ${cfg.configFile}
|
|
||||||
chown ${cfg.user}:${cfg.group} ${cfg.logFile}
|
|
||||||
fi
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
environment = mkIf useVersion2 {
|
environment = mkIf useVersion2 {
|
||||||
|
@ -191,7 +185,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly = true;
|
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
ExecStart = executable;
|
ExecStart = executable;
|
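Review bot: `preStart` still runs `touch ${cfg.configFile}` and `touch -a ${cfg.logFile}`, but with `PermissionsStartOnly` removed in the second hunk these now run as `cfg.user`. The new tmpfiles rules create the parents of `uriFile` and `logFile` but not of `configFile`. With the default shown at the top of the first hunk (`/var/lib/couchdb/...`) this presumably works only when `databaseDir` is the same directory, so a `configFile` set elsewhere would make the `touch` fail. If that directory is dedicated to CouchDB, adding `"d '${dirOf cfg.configFile}' - ${cfg.user} ${cfg.group} - -"` to the rules would cover it.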
||||||
|
|
|
@ -157,20 +157,19 @@ in
|
||||||
|
|
||||||
config = mkIf config.services.influxdb.enable {
|
config = mkIf config.services.influxdb.enable {
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.influxdb = {
|
systemd.services.influxdb = {
|
||||||
description = "InfluxDB Server";
|
description = "InfluxDB Server";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''${cfg.package}/bin/influxd -config "${configFile}"'';
|
ExecStart = ''${cfg.package}/bin/influxd -config "${configFile}"'';
|
||||||
User = "${cfg.user}";
|
User = cfg.user;
|
||||||
Group = "${cfg.group}";
|
Group = cfg.group;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
};
|
};
|
||||||
preStart = ''
|
|
||||||
mkdir -m 0770 -p ${cfg.dataDir}
|
|
||||||
if [ "$(id -u)" = 0 ]; then chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}; fi
|
|
||||||
'';
|
|
||||||
postStart =
|
postStart =
|
||||||
let
|
let
|
||||||
scheme = if configOptions.http.https-enabled then "-k https" else "http";
|
scheme = if configOptions.http.https-enabled then "-k https" else "http";
|
||||||
|
|
|
@ -78,11 +78,6 @@ in
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly = true;
|
|
||||||
ExecStartPre = optionals cfg.enableUnixSocket [
|
|
||||||
"${pkgs.coreutils}/bin/install -d -o ${cfg.user} /run/memcached/"
|
|
||||||
"${pkgs.coreutils}/bin/chown -R ${cfg.user} /run/memcached/"
|
|
||||||
];
|
|
||||||
ExecStart =
|
ExecStart =
|
||||||
let
|
let
|
||||||
networking = if cfg.enableUnixSocket
|
networking = if cfg.enableUnixSocket
|
||||||
|
@ -91,12 +86,13 @@ in
|
||||||
in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}";
|
in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}";
|
||||||
|
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
|
RuntimeDirectory = "memcached";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
(mkRemovedOptionModule ["services" "memcached" "socket"] ''
|
(mkRemovedOptionModule ["services" "memcached" "socket"] ''
|
||||||
This option was replaced by a fixed unix socket path at /run/memcached/memcached.sock enabled using services.memached.enableUnixSocket.
|
This option was replaced by a fixed unix socket path at /run/memcached/memcached.sock enabled using services.memcached.enableUnixSocket.
|
||||||
'')
|
'')
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -98,7 +98,7 @@ in
|
||||||
type = types.path;
|
type = types.path;
|
||||||
default = "/var/log/stanchion";
|
default = "/var/log/stanchion";
|
||||||
description = ''
|
description = ''
|
||||||
Log directory for Stanchino.
|
Log directory for Stanchion.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -152,6 +152,11 @@ in
|
||||||
|
|
||||||
users.groups.stanchion.gid = config.ids.gids.stanchion;
|
users.groups.stanchion.gid = config.ids.gids.stanchion;
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.logDir}' - stanchion stanchion --"
|
||||||
|
"d '${cfg.dataDir}' 0700 stanchion stanchion --"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.stanchion = {
|
systemd.services.stanchion = {
|
||||||
description = "Stanchion Server";
|
description = "Stanchion Server";
|
||||||
|
|
||||||
|
@ -168,25 +173,12 @@ in
|
||||||
environment.STANCHION_LOG_DIR = "${cfg.logDir}";
|
environment.STANCHION_LOG_DIR = "${cfg.logDir}";
|
||||||
environment.STANCHION_ETC_DIR = "/etc/stanchion";
|
environment.STANCHION_ETC_DIR = "/etc/stanchion";
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
if ! test -e ${cfg.logDir}; then
|
|
||||||
mkdir -m 0755 -p ${cfg.logDir}
|
|
||||||
chown -R stanchion:stanchion ${cfg.logDir}
|
|
||||||
fi
|
|
||||||
|
|
||||||
if ! test -e ${cfg.dataDir}; then
|
|
||||||
mkdir -m 0700 -p ${cfg.dataDir}
|
|
||||||
chown -R stanchion:stanchion ${cfg.dataDir}
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${cfg.package}/bin/stanchion console";
|
ExecStart = "${cfg.package}/bin/stanchion console";
|
||||||
ExecStop = "${cfg.package}/bin/stanchion stop";
|
ExecStop = "${cfg.package}/bin/stanchion stop";
|
||||||
StandardInput = "tty";
|
StandardInput = "tty";
|
||||||
User = "stanchion";
|
User = "stanchion";
|
||||||
Group = "stanchion";
|
Group = "stanchion";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
# Give Stanchion a decent amount of time to clean up.
|
# Give Stanchion a decent amount of time to clean up.
|
||||||
TimeoutStopSec = 120;
|
TimeoutStopSec = 120;
|
||||||
LimitNOFILE = 65536;
|
LimitNOFILE = 65536;
|
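Review bot: Both added tmpfiles rules end in `--` (`"d '${cfg.logDir}' - stanchion stanchion --"`), which is one field rather than the two `- -` fields used by every other rule in this commit. As far as I can tell systemd-tmpfiles treats that token as an age value it cannot parse and rejects the line. Neither directory would then be created, because the `mkdir`/`chown` `preStart` is gone and the unit no longer has a root phase. Suggest `"d '${cfg.logDir}' - stanchion stanchion - -"` and `"d '${cfg.dataDir}' 0700 stanchion stanchion - -"`.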
||||||
|
|
|
@ -212,6 +212,10 @@ with lib;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /var/spool/nullmailer - ${cfg.user} - - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.nullmailer = {
|
systemd.services.nullmailer = {
|
||||||
description = "nullmailer";
|
description = "nullmailer";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -220,13 +224,11 @@ with lib;
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -p /var/spool/nullmailer/{queue,tmp}
|
mkdir -p /var/spool/nullmailer/{queue,tmp}
|
||||||
rm -f /var/spool/nullmailer/trigger && mkfifo -m 660 /var/spool/nullmailer/trigger
|
rm -f /var/spool/nullmailer/trigger && mkfifo -m 660 /var/spool/nullmailer/trigger
|
||||||
chown ${cfg.user} /var/spool/nullmailer/*
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
PermissionsStartOnly=true;
|
|
||||||
ExecStart = "${pkgs.nullmailer}/bin/nullmailer-send";
|
ExecStart = "${pkgs.nullmailer}/bin/nullmailer-send";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
|
|
|
@ -94,6 +94,10 @@ in {
|
||||||
|
|
||||||
services.rss2email.config.to = cfg.to;
|
services.rss2email.config.to = cfg.to;
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /var/rss2email 0700 rss2email rss2email - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.rss2email = let
|
systemd.services.rss2email = let
|
||||||
conf = pkgs.writeText "rss2email.cfg" (lib.generators.toINI {} ({
|
conf = pkgs.writeText "rss2email.cfg" (lib.generators.toINI {} ({
|
||||||
DEFAULT = cfg.config;
|
DEFAULT = cfg.config;
|
||||||
|
@ -105,22 +109,16 @@ in {
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -p /var/rss2email
|
|
||||||
chmod 700 /var/rss2email
|
|
||||||
|
|
||||||
cp ${conf} /var/rss2email/conf.cfg
|
cp ${conf} /var/rss2email/conf.cfg
|
||||||
if [ ! -f /var/rss2email/db.json ]; then
|
if [ ! -f /var/rss2email/db.json ]; then
|
||||||
echo '{"version":2,"feeds":[]}' > /var/rss2email/db.json
|
echo '{"version":2,"feeds":[]}' > /var/rss2email/db.json
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chown -R rss2email:rss2email /var/rss2email
|
|
||||||
'';
|
'';
|
||||||
path = [ pkgs.system-sendmail ];
|
path = [ pkgs.system-sendmail ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart =
|
ExecStart =
|
||||||
"${pkgs.rss2email}/bin/r2e -c /var/rss2email/conf.cfg -d /var/rss2email/db.json run";
|
"${pkgs.rss2email}/bin/r2e -c /var/rss2email/conf.cfg -d /var/rss2email/db.json run";
|
||||||
User = "rss2email";
|
User = "rss2email";
|
||||||
PermissionsStartOnly = "true";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
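Review bot: `cp ${conf} /var/rss2email/conf.cfg` in `preStart` now runs as `rss2email` instead of root, and `conf` is a `pkgs.writeText` store file, so the copy is likely created read-only. On the next start `cp` has to open that existing read-only file for writing, which root could do but the service user cannot. The unit may therefore fail from the second start onward, and on upgraded systems that already have a copy. `cp -f ${conf} /var/rss2email/conf.cfg` or `install -m 600 ${conf} /var/rss2email/conf.cfg` avoids that. The `cp ${cgiHome} ${smokepingHome}/smokeping.fcgi` line kept in the smokeping `preStart` later in this commit deserves the same check.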
||||||
|
|
|
@ -142,6 +142,10 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0700 etcd - - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.etcd = {
|
systemd.services.etcd = {
|
||||||
description = "etcd key-value store";
|
description = "etcd key-value store";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -176,14 +180,8 @@ in {
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
ExecStart = "${pkgs.etcd.bin}/bin/etcd";
|
ExecStart = "${pkgs.etcd.bin}/bin/etcd";
|
||||||
User = "etcd";
|
User = "etcd";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
LimitNOFILE = 40000;
|
LimitNOFILE = 40000;
|
||||||
};
|
};
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
mkdir -m 0700 -p ${cfg.dataDir}
|
|
||||||
if [ "$(id -u)" = 0 ]; then chown etcd ${cfg.dataDir}; fi
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.etcdctl ];
|
environment.systemPackages = [ pkgs.etcdctl ];
|
||||||
|
|
|
@ -38,24 +38,19 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.jackett = {
|
systemd.services.jackett = {
|
||||||
description = "Jackett";
|
description = "Jackett";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = ''
|
|
||||||
test -d ${cfg.dataDir} || {
|
|
||||||
echo "Creating jackett data directory in ${cfg.dataDir}"
|
|
||||||
mkdir -p ${cfg.dataDir}
|
|
||||||
}
|
|
||||||
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
|
|
||||||
chmod 0700 ${cfg.dataDir}
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
PermissionsStartOnly = "true";
|
|
||||||
ExecStart = "${pkgs.jackett}/bin/Jackett --NoUpdates --DataFolder '${cfg.dataDir}'";
|
ExecStart = "${pkgs.jackett}/bin/Jackett --NoUpdates --DataFolder '${cfg.dataDir}'";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
|
|
|
@ -17,20 +17,15 @@ in
|
||||||
description = "Lidarr";
|
description = "Lidarr";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = ''
|
|
||||||
[ ! -d /var/lib/lidarr ] && mkdir -p /var/lib/lidarr
|
|
||||||
chown -R lidarr:lidarr /var/lib/lidarr
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "lidarr";
|
User = "lidarr";
|
||||||
Group = "lidarr";
|
Group = "lidarr";
|
||||||
PermissionsStartOnly = "true";
|
|
||||||
ExecStart = "${pkgs.lidarr}/bin/Lidarr";
|
ExecStart = "${pkgs.lidarr}/bin/Lidarr";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
||||||
StateDirectory = "/var/lib/lidarr/";
|
StateDirectory = "lidarr";
|
||||||
StateDirectoryMode = "0770";
|
StateDirectoryMode = "0770";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -95,6 +95,9 @@ in {
|
||||||
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.workDir}' 0700 - - - -"
|
||||||
|
];
|
||||||
systemd.services.mesos-master = {
|
systemd.services.mesos-master = {
|
||||||
description = "Mesos Master";
|
description = "Mesos Master";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -114,11 +117,7 @@ in {
|
||||||
${toString cfg.extraCmdLineOptions}
|
${toString cfg.extraCmdLineOptions}
|
||||||
'';
|
'';
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
};
|
};
|
||||||
preStart = ''
|
|
||||||
mkdir -m 0700 -p ${cfg.workDir}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -184,6 +184,9 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.workDir}' 0701 - - - -"
|
||||||
|
];
|
||||||
systemd.services.mesos-slave = {
|
systemd.services.mesos-slave = {
|
||||||
description = "Mesos Slave";
|
description = "Mesos Slave";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -210,11 +213,7 @@ in {
|
||||||
--executor_environment_variables=${lib.escapeShellArg (builtins.toJSON cfg.executorEnvironmentVariables)} \
|
--executor_environment_variables=${lib.escapeShellArg (builtins.toJSON cfg.executorEnvironmentVariables)} \
|
||||||
${toString cfg.extraCmdLineOptions}
|
${toString cfg.extraCmdLineOptions}
|
||||||
'';
|
'';
|
||||||
PermissionsStartOnly = true;
|
|
||||||
};
|
};
|
||||||
preStart = ''
|
|
||||||
mkdir -m 0701 -p ${cfg.workDir}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -38,24 +38,19 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.radarr = {
|
systemd.services.radarr = {
|
||||||
description = "Radarr";
|
description = "Radarr";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = ''
|
|
||||||
test -d ${cfg.dataDir} || {
|
|
||||||
echo "Creating radarr data directory in ${cfg.dataDir}"
|
|
||||||
mkdir -p ${cfg.dataDir}
|
|
||||||
}
|
|
||||||
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
|
|
||||||
chmod 0700 ${cfg.dataDir}
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
PermissionsStartOnly = "true";
|
|
||||||
ExecStart = "${pkgs.radarr}/bin/Radarr -nobrowser -data='${cfg.dataDir}'";
|
ExecStart = "${pkgs.radarr}/bin/Radarr -nobrowser -data='${cfg.dataDir}'";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
|
|
|
@ -39,24 +39,19 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.sonarr = {
|
systemd.services.sonarr = {
|
||||||
description = "Sonarr";
|
description = "Sonarr";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = ''
|
|
||||||
test -d ${cfg.dataDir} || {
|
|
||||||
echo "Creating sonarr data directory in ${cfg.dataDir}"
|
|
||||||
mkdir -p ${cfg.dataDir}
|
|
||||||
}
|
|
||||||
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}
|
|
||||||
chmod 0700 ${cfg.dataDir}
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
PermissionsStartOnly = "true";
|
|
||||||
ExecStart = "${pkgs.sonarr}/bin/NzbDrone -nobrowser -data='${cfg.dataDir}'";
|
ExecStart = "${pkgs.sonarr}/bin/NzbDrone -nobrowser -data='${cfg.dataDir}'";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
|
|
|
@ -119,6 +119,10 @@ in {
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [cfg.package];
|
environment.systemPackages = [cfg.package];
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0700 zookeeper - - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.zookeeper = {
|
systemd.services.zookeeper = {
|
||||||
description = "Zookeeper Daemon";
|
description = "Zookeeper Daemon";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -135,11 +139,8 @@ in {
|
||||||
${configDir}/zoo.cfg
|
${configDir}/zoo.cfg
|
||||||
'';
|
'';
|
||||||
User = "zookeeper";
|
User = "zookeeper";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
};
|
};
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -m 0700 -p ${cfg.dataDir}
|
|
||||||
if [ "$(id -u)" = 0 ]; then chown zookeeper ${cfg.dataDir}; fi
|
|
||||||
echo "${toString cfg.id}" > ${cfg.dataDir}/myid
|
echo "${toString cfg.id}" > ${cfg.dataDir}/myid
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -79,6 +79,10 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' - ${cfg.user} - - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.collectd = {
|
systemd.services.collectd = {
|
||||||
description = "Collectd Monitoring Agent";
|
description = "Collectd Monitoring Agent";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
|
@ -87,16 +91,9 @@ in {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -f";
|
ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -f";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
RestartSec = 3;
|
RestartSec = 3;
|
||||||
};
|
};
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
mkdir -p "${cfg.dataDir}"
|
|
||||||
chmod 755 "${cfg.dataDir}"
|
|
||||||
chown -R ${cfg.user} "${cfg.dataDir}"
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users = optional (cfg.user == "collectd") {
|
users.users = optional (cfg.user == "collectd") {
|
||||||
|
|
|
@ -226,18 +226,19 @@ in {
|
||||||
ipfs.gid = config.ids.gids.ipfs;
|
ipfs.gid = config.ids.gids.ipfs;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
] ++ optionals cfg.autoMount [
|
||||||
|
"d '${cfg.ipfsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.ipfs-init = recursiveUpdate commonEnv {
|
systemd.services.ipfs-init = recursiveUpdate commonEnv {
|
||||||
description = "IPFS Initializer";
|
description = "IPFS Initializer";
|
||||||
|
|
||||||
after = [ "local-fs.target" ];
|
after = [ "local-fs.target" ];
|
||||||
before = [ "ipfs.service" "ipfs-offline.service" "ipfs-norouting.service" ];
|
before = [ "ipfs.service" "ipfs-offline.service" "ipfs-norouting.service" ];
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.dataDir}
|
|
||||||
'' + optionalString cfg.autoMount ''
|
|
||||||
install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.ipfsMountDir}
|
|
||||||
install -m 0755 -o ${cfg.user} -g ${cfg.group} -d ${cfg.ipnsMountDir}
|
|
||||||
'';
|
|
||||||
script = ''
|
script = ''
|
||||||
if [[ ! -f ${cfg.dataDir}/config ]]; then
|
if [[ ! -f ${cfg.dataDir}/config ]]; then
|
||||||
ipfs init ${optionalString cfg.emptyRepo "-e"} \
|
ipfs init ${optionalString cfg.emptyRepo "-e"} \
|
||||||
|
@ -253,7 +254,6 @@ in {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -116,7 +116,6 @@ in {
|
||||||
Group = "mxisd";
|
Group = "mxisd";
|
||||||
ExecStart = "${cfg.package}/bin/mxisd --spring.config.location=${cfg.dataDir}/ --spring.profiles.active=systemd --java.security.egd=file:/dev/./urandom";
|
ExecStart = "${cfg.package}/bin/mxisd --spring.config.location=${cfg.dataDir}/ --spring.profiles.active=systemd --java.security.egd=file:/dev/./urandom";
|
||||||
WorkingDirectory = cfg.dataDir;
|
WorkingDirectory = cfg.dataDir;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
SuccessExitStatus = 143;
|
SuccessExitStatus = 143;
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
|
|
|
@ -285,12 +285,12 @@ in
|
||||||
uid = config.ids.uids.smokeping;
|
uid = config.ids.uids.smokeping;
|
||||||
description = "smokeping daemon user";
|
description = "smokeping daemon user";
|
||||||
home = smokepingHome;
|
home = smokepingHome;
|
||||||
|
createHome = true;
|
||||||
};
|
};
|
||||||
systemd.services.smokeping = {
|
systemd.services.smokeping = {
|
||||||
wantedBy = [ "multi-user.target"];
|
wantedBy = [ "multi-user.target"];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
preStart = ''
|
preStart = ''
|
||||||
|
@ -300,7 +300,6 @@ in
|
||||||
cp ${cgiHome} ${smokepingHome}/smokeping.fcgi
|
cp ${cgiHome} ${smokepingHome}/smokeping.fcgi
|
||||||
${cfg.package}/bin/smokeping --check --config=${configPath}
|
${cfg.package}/bin/smokeping --check --config=${configPath}
|
||||||
${cfg.package}/bin/smokeping --static --config=${configPath}
|
${cfg.package}/bin/smokeping --static --config=${configPath}
|
||||||
chown -R ${cfg.user} ${smokepingHome}
|
|
||||||
'';
|
'';
|
||||||
script = ''${cfg.package}/bin/smokeping --config=${configPath} --nodaemon'';
|
script = ''${cfg.package}/bin/smokeping --config=${configPath} --nodaemon'';
|
||||||
};
|
};
|
||||||
|
|
|
@ -151,7 +151,6 @@ in {
|
||||||
RestartForceExitStatus="3 4";
|
RestartForceExitStatus="3 4";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/syncthing \
|
${cfg.package}/bin/syncthing \
|
||||||
-no-browser \
|
-no-browser \
|
||||||
|
|
|
@ -49,21 +49,16 @@ in
|
||||||
|
|
||||||
path = [ pkgs.munge pkgs.coreutils ];
|
path = [ pkgs.munge pkgs.coreutils ];
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
chmod 0400 ${cfg.password}
|
|
||||||
mkdir -p /var/lib/munge -m 0711
|
|
||||||
chown -R munge:munge /var/lib/munge
|
|
||||||
mkdir -p /run/munge -m 0755
|
|
||||||
chown -R munge:munge /run/munge
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
ExecStartPre = "+${pkgs.coreutils}/bin/chmod 0400 ${cfg.password}";
|
||||||
ExecStart = "${pkgs.munge}/bin/munged --syslog --key-file ${cfg.password}";
|
ExecStart = "${pkgs.munge}/bin/munged --syslog --key-file ${cfg.password}";
|
||||||
PIDFile = "/run/munge/munged.pid";
|
PIDFile = "/run/munge/munged.pid";
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
PermissionsStartOnly = "true";
|
|
||||||
User = "munge";
|
User = "munge";
|
||||||
Group = "munge";
|
Group = "munge";
|
||||||
|
StateDirectory = "munge";
|
||||||
|
StateDirectoryMode = "0711";
|
||||||
|
RuntimeDirectory = "munge";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
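Review bot: The added `ExecStartPre = "+…chmod 0400 ${cfg.password}"` is now the only command in this unit that runs as root, and nothing next to it says why the `+` prefix is needed. I would add a comment such as `# "+" runs chmod with full privileges; the key file may not be owned by munge`, so a later cleanup neither drops the prefix nor extends it to other commands. The step fixes only the mode, not the owner, so whether `User = "munge"` can read the key still depends on how `cfg.password` was provisioned; an option description stating the expected owner would help. The path is also interpolated unquoted into the command line, so a value containing whitespace would be split by systemd into separate arguments.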
|
@ -119,6 +119,10 @@ in
|
||||||
};
|
};
|
||||||
users.groups.vault.gid = config.ids.gids.vault;
|
users.groups.vault.gid = config.ids.gids.vault;
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = optional (cfg.storagePath != null) [
|
||||||
|
"d '${cfg.storagePath}' 0700 vault vault - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.vault = {
|
systemd.services.vault = {
|
||||||
description = "Vault server daemon";
|
description = "Vault server daemon";
|
||||||
|
|
||||||
|
@ -128,14 +132,9 @@ in
|
||||||
|
|
||||||
restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients.
|
restartIfChanged = false; # do not restart on "nixos-rebuild switch". It would seal the storage and disrupt the clients.
|
||||||
|
|
||||||
preStart = optionalString (cfg.storagePath != null) ''
|
|
||||||
install -d -m0700 -o vault -g vault "${cfg.storagePath}"
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "vault";
|
User = "vault";
|
||||||
Group = "vault";
|
Group = "vault";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
|
ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
|
||||||
PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
|
|
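Review bot: The new `systemd.tmpfiles.rules` value in the first hunk passes a bracketed list to `optional`, which in nixpkgs' lib wraps its second argument in a list, so with `cfg.storagePath` set the option would receive `[ [ "d …" ] ]` rather than a list of strings and evaluation should fail the type check. Either use `optionals` with the bracketed list or pass the string directly: `systemd.tmpfiles.rules = optional (cfg.storagePath != null) "d '${cfg.storagePath}' 0700 vault vault - -";`. Since this rule replaces the removed `install -d -m0700 -o vault -g vault` step, a broken rule leaves nothing creating the storage directory with the 0700 mode. The `serviceConfig` block in the second hunk continues past the visible lines.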
|
@ -39,6 +39,10 @@ in {
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.stateDir}' - peerflix - - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.peerflix = {
|
systemd.services.peerflix = {
|
||||||
description = "Peerflix Daemon";
|
description = "Peerflix Daemon";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -47,13 +51,11 @@ in {
|
||||||
|
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -p "${cfg.stateDir}"/{torrents,.config/peerflix-server}
|
mkdir -p "${cfg.stateDir}"/{torrents,.config/peerflix-server}
|
||||||
if [ "$(id -u)" = 0 ]; then chown -R peerflix "${cfg.stateDir}"; fi
|
|
||||||
ln -fs "${configFile}" "${cfg.stateDir}/.config/peerflix-server/config.json"
|
ln -fs "${configFile}" "${cfg.stateDir}/.config/peerflix-server/config.json"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.nodePackages.peerflix-server}/bin/peerflix-server";
|
ExecStart = "${pkgs.nodePackages.peerflix-server}/bin/peerflix-server";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
User = "peerflix";
|
User = "peerflix";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
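Review bot: The tmpfiles rule added for `cfg.stateDir` leaves the mode field as `-`, so a newly created directory gets the tmpfiles default of 0755, while the vault and traefik rules in this same commit pin 0700. The minio section further down does the same for `cfg.configDir` and `cfg.dataDir`, where a world-readable default matters more if those directories hold server configuration or stored objects (not confirmed by the visible lines). Unless other accounts need to traverse these directories, an explicit mode would make the intent clear, e.g. `"d '${cfg.stateDir}' 0750 peerflix - - -"`. The remaining `mkdir -p` in preStart now runs as `peerflix` and relies on this rule having been applied first.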
|
@ -899,10 +899,6 @@ in
|
||||||
description = "CodiMD Service";
|
description = "CodiMD Service";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "networking.target" ];
|
after = [ "networking.target" ];
|
||||||
preStart = ''
|
|
||||||
mkdir -p ${cfg.workDir}
|
|
||||||
chown -R codimd: ${cfg.workDir}
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
WorkingDirectory = cfg.workDir;
|
WorkingDirectory = cfg.workDir;
|
||||||
ExecStart = "${pkgs.codimd}/bin/codimd";
|
ExecStart = "${pkgs.codimd}/bin/codimd";
|
||||||
|
@ -912,7 +908,6 @@ in
|
||||||
];
|
];
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
User = "codimd";
|
User = "codimd";
|
||||||
PermissionsStartOnly = true;
|
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -83,6 +83,8 @@ in
|
||||||
users.users."${cfg.user}" = {
|
users.users."${cfg.user}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
|
home = cfg.home;
|
||||||
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups."${cfg.group}" = {};
|
users.groups."${cfg.group}" = {};
|
||||||
|
@ -104,8 +106,6 @@ in
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -p ${cfg.home}/nexus3/etc
|
mkdir -p ${cfg.home}/nexus3/etc
|
||||||
|
|
||||||
chown -R ${cfg.user}:${cfg.group} ${cfg.home}
|
|
||||||
|
|
||||||
if [ ! -f ${cfg.home}/nexus3/etc/nexus.properties ]; then
|
if [ ! -f ${cfg.home}/nexus3/etc/nexus.properties ]; then
|
||||||
echo "# Jetty section" > ${cfg.home}/nexus3/etc/nexus.properties
|
echo "# Jetty section" > ${cfg.home}/nexus3/etc/nexus.properties
|
||||||
echo "application-port=${toString cfg.listenPort}" >> ${cfg.home}/nexus3/etc/nexus.properties
|
echo "application-port=${toString cfg.listenPort}" >> ${cfg.home}/nexus3/etc/nexus.properties
|
||||||
|
@ -124,7 +124,6 @@ in
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
PermissionsStartOnly = true;
|
|
||||||
LimitNOFILE = 102642;
|
LimitNOFILE = 102642;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -72,19 +72,16 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.configDir}' - minio minio - -"
|
||||||
|
"d '${cfg.dataDir}' - minio minio - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.minio = {
|
systemd.services.minio = {
|
||||||
description = "Minio Object Storage";
|
description = "Minio Object Storage";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = ''
|
|
||||||
# Make sure directories exist with correct owner
|
|
||||||
mkdir -p ${cfg.configDir}
|
|
||||||
chown -R minio:minio ${cfg.configDir}
|
|
||||||
mkdir -p ${cfg.dataDir}
|
|
||||||
chown minio:minio ${cfg.dataDir}
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly = true;
|
|
||||||
ExecStart = "${cfg.package}/bin/minio server --json --address ${cfg.listenAddress} --config-dir=${cfg.configDir} ${cfg.dataDir}";
|
ExecStart = "${cfg.package}/bin/minio server --json --address ${cfg.listenAddress} --config-dir=${cfg.configDir} ${cfg.dataDir}";
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "minio";
|
User = "minio";
|
||||||
|
|
|
@ -84,18 +84,16 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0700 traefik traefik - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.traefik = {
|
systemd.services.traefik = {
|
||||||
description = "Traefik web server";
|
description = "Traefik web server";
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
PermissionsStartOnly = true;
|
|
||||||
ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
|
ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
|
||||||
ExecStartPre = [
|
|
||||||
''${pkgs.coreutils}/bin/mkdir -p "${cfg.dataDir}"''
|
|
||||||
''${pkgs.coreutils}/bin/chmod 700 "${cfg.dataDir}"''
|
|
||||||
''${pkgs.coreutils}/bin/chown -R traefik:traefik "${cfg.dataDir}"''
|
|
||||||
];
|
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "traefik";
|
User = "traefik";
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
|
|