e11sync-backend systemd unit
This commit is contained in:
parent
e5d01f23ad
commit
8bd66dab15
|
|
@ -6,11 +6,57 @@ e11sync-backend: {
|
||||||
options.e11sync = with lib.types; {
|
options.e11sync = with lib.types; {
|
||||||
enable = lib.mkEnableOption "Enable e11sync";
|
enable = lib.mkEnableOption "Enable e11sync";
|
||||||
secretKeyPath = lib.mkOption {type = path;};
|
secretKeyPath = lib.mkOption {type = path;};
|
||||||
|
migrateOnStart = lib.mkOption {
|
||||||
|
type = bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
backendPort = lib.mkOption {
|
||||||
|
type = int;
|
||||||
|
default = 8002;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf config.e11sync.enable {
|
config = let
|
||||||
environment.systemPackages = [
|
cfg = config.e11sync;
|
||||||
e11sync-backend
|
pkg-backend = e11sync-backend.override {
|
||||||
];
|
inherit (cfg) backendPort;
|
||||||
};
|
databasePath = "/var/lib/e11sync/db.sqlite3";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
lib.mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [
|
||||||
|
pkg-backend
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
e11sync-backend = {
|
||||||
|
description = "e11sync backend";
|
||||||
|
environment = {
|
||||||
|
TZ = "UTC";
|
||||||
|
E11SYNC_SECRET_KEY_PATH = "/run/credentials/secret_key";
|
||||||
|
};
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
serviceConfig =
|
||||||
|
{
|
||||||
|
Type = "notify";
|
||||||
|
NotifyAccess = "all";
|
||||||
|
Restart = "on-failure";
|
||||||
|
RuntimeDirectory = "e11sync";
|
||||||
|
StateDirectory = "e11sync";
|
||||||
|
WorkingDirectory = "/var/lib/e11sync";
|
||||||
|
LoadCredential = "secret_key:${cfg.secretKeyPath}";
|
||||||
|
ExecStart = "${pkg-backend}/bin/e11sync-backend";
|
||||||
|
|
||||||
|
DynamicUser = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
}
|
||||||
|
// lib.mkIf cfg.migrateOnStart {
|
||||||
|
ExecStartPre = "${pkg-backend}/bin/e11sync migrate";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,7 @@
|
||||||
dart-sass,
|
dart-sass,
|
||||||
uwsgi,
|
uwsgi,
|
||||||
backendPort ? 8002,
|
backendPort ? 8002,
|
||||||
database-path ? null,
|
databasePath ? null,
|
||||||
geoip-mmdb,
|
geoip-mmdb,
|
||||||
}: let
|
}: let
|
||||||
uwsgi-python = uwsgi.override {plugins = ["python3"];};
|
uwsgi-python = uwsgi.override {plugins = ["python3"];};
|
||||||
|
|
@ -41,8 +41,8 @@ in
|
||||||
--add-flags "--http-socket 127.0.0.1:${toString backendPort}" \
|
--add-flags "--http-socket 127.0.0.1:${toString backendPort}" \
|
||||||
--add-flags "--wsgi-file e11sync/wsgi.py" \
|
--add-flags "--wsgi-file e11sync/wsgi.py" \
|
||||||
--add-flags --master \
|
--add-flags --master \
|
||||||
${lib.optionalString (database-path != null) ''
|
${lib.optionalString (databasePath != null) ''
|
||||||
--set E11SYNC_DATABASE_PATH "${database-path}" \
|
--set E11SYNC_DATABASE_PATH "${databasePath}" \
|
||||||
''} \
|
''} \
|
||||||
--set E11SYNC_DEBUG "" \
|
--set E11SYNC_DEBUG "" \
|
||||||
--set E11SYNC_COMPRESS_OFFLINE 1 \
|
--set E11SYNC_COMPRESS_OFFLINE 1 \
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue