objectifier/objectifier-module.nix

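# NixOS module for the Objectifier object-detection web service.
#
# Declares the `services.objectifier` options and, when the service is
# enabled, a sandboxed systemd unit that runs
# `${pkgs.objectifier}/bin/objectifier` with one `--bind` per listen address.
{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.services.objectifier;

  # The unit runs with DynamicUser = true, i.e. as an unprivileged transient
  # user that cannot create files directly under /run. The pid file therefore
  # lives in a systemd-managed RuntimeDirectory owned by that user.
  runtimeDir = "objectifier";
  pidFile = "/run/${runtimeDir}/objectifier.pid";
in {
  options.services.objectifier = with types; {
    # mkEnableOption already prefixes the text with "Whether to enable", so
    # only the service name is passed here.
    enable = mkEnableOption "Objectifier object-detection web service";

    port = mkOption {
      type = port;
      description = "Port on which to run the Objectifier web service.";
      default = 5121;
    };

    workers = mkOption {
      # Zero or negative worker counts are rejected at evaluation time instead
      # of being passed through to the command line.
      type = ints.positive;
      description = "Number of worker threads to launch.";
      default = 3;
    };

    # The default binds to loopback only. Nothing in this module configures
    # authentication or TLS, so any non-loopback address exposes the upload
    # endpoint as-is; front it with a reverse proxy or firewall rule.
    # NOTE(review): addresses are joined verbatim as `addr:port`; an IPv6
    # literal presumably needs brackets -- confirm against the objectifier CLI.
    listen-addresses = mkOption {
      type = listOf str;
      description =
        "List of IP addresses on which to listen for incoming requests.";
      default = [ "127.0.0.1" ];
    };

    cleanup = {
      max_file_age = mkOption {
        type = int;
        description =
          "Maximum age of a file (in seconds), after which it will be removed.";
        default = (60 * 60 * 8); # 8 hours
      };

      delay = mkOption {
        type = int;
        description = "Time between cleanup sweeps (in seconds).";
        default = (60 * 10); # 10 minutes
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.objectifier = {
      # `after` only orders the unit; `wants` is what actually pulls
      # network-online.target into the boot transaction.
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      # Model files come from the read-only Nix store; cleanup settings are
      # passed to the service as decimal strings.
      environment = {
        OBJECTIFIER_YOLOV3_CONFIG = "${pkgs.yolov3-data}/yolov3.cfg";
        OBJECTIFIER_YOLOV3_WEIGHTS = "${pkgs.yolov3-data}/yolov3.weights";
        OBJECTIFIER_YOLOV3_LABELS = "${pkgs.yolov3-data}/labels";
        OBJECTIFIER_BUFFER_SIZE = "524288";
        OBJECTIFIER_CLEANUP_MAX_AGE = toString cfg.cleanup.max_file_age;
        OBJECTIFIER_CLEANUP_DELAY = toString cfg.cleanup.delay;
      };

      serviceConfig = {
        # Sandboxing. DynamicUser additionally implies ProtectSystem=strict,
        # NoNewPrivileges and RestrictSUIDSGID, so the only writable paths are
        # the State/Cache/Runtime directories declared below and the private
        # /tmp.
        PrivateUsers = true;
        PrivateDevices = true;
        PrivateTmp = true;
        PrivateMounts = true;
        ProtectControlGroups = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectSystem = true;
        ProtectHostname = true;
        ProtectHome = true;
        ProtectClock = true;
        ProtectKernelLogs = true;
        DynamicUser = true;
        MemoryDenyWriteExecute = true;
        RestrictRealtime = true;
        # LockPersonality = true;
        # PermissionsStartOnly = true;

        WorkingDirectory = "${pkgs.objectifier}";
        StateDirectory = "objectifier";
        CacheDirectory = "objectifier";
        # Created by systemd as /run/objectifier, owned by the dynamic user,
        # and removed when the unit stops.
        RuntimeDirectory = runtimeDir;
        LimitNOFILE = 4096;
        Restart = "on-failure";
        RestartSec = "5s";
        Type = "simple";
        PIDFile = pidFile;
        ExecStart = let
          # One `--bind ADDR:PORT` argument per configured listen address.
          bindClause = concatStringsSep " "
            (map (addr: "--bind ${addr}:${toString cfg.port}")
              cfg.listen-addresses);
        in (concatStringsSep " " [
          "${pkgs.objectifier}/bin/objectifier"
          bindClause
          "--workers ${toString cfg.workers}"
          "--pid ${pidFile}"
        ]);
      };
    };
  };
}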