From b1039a6859170a002bebce48e0b75b33d48087a7 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Fri, 28 Feb 2025 11:07:01 +0100 Subject: [PATCH] indico: slightly better socket/unit config Signed-off-by: Jeltz --- modules/indico.nix | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/modules/indico.nix b/modules/indico.nix index 4069991..6070090 100644 --- a/modules/indico.nix +++ b/modules/indico.nix @@ -18,7 +18,7 @@ let ++ lib.optionals (cfg.ldap != null) indico.optional-dependencies.ldap); redisSocket = config.services.redis.servers.${cfg.redis.name}.unixSocket; - indicoSocket = "/run/indico/indico.sock"; + indicoSocket = "${cfg.stateDir}/indico.sock"; baseDir = "${pythonEnv}/${pythonEnv.sitePackages}/indico"; loggingFile = yamlFmt.generate "logging.yaml" { version = 1; @@ -403,7 +403,7 @@ in { }; systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}' 0755 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/cache' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/tmp' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.storageDir}' 0750 ${cfg.user} ${cfg.group} - -" @@ -415,15 +415,12 @@ in { CREATE EXTENSION IF NOT EXISTS unaccent; CREATE EXTENSION IF NOT EXISTS pg_trgm; ''; - # TODO StateDirectory, CacheDirectory? common = { environment.INDICO_CONFIG = configFile; wantedBy = [ "multi-user.target" ]; serviceConfig = { Group = cfg.group; User = cfg.user; - # Restart = "on-failure"; - RuntimeDirectory = "indico"; }; }; in 
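Review bot: Widening `${cfg.stateDir}` from 0750 to 0755 in the tmpfiles rule lets every local account list and traverse the Indico state directory, apparently only so that the web server can reach the socket that the first hunk moves to `${cfg.stateDir}/indico.sock`. Anything the service writes directly into that directory (the `version` file is one visible example) is then protected only by its own file mode. Keeping the directory at 0750 and leaving the socket under `/run`, for example `indicoSocket = "/run/indico/indico.sock";` with the socket unit creating the parent directory, would avoid exposing the state tree; if the socket has to live in stateDir, `0751` grants traversal without listing. The `systemd.tmpfiles.rules` list continues outside this hunk.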
@@ -432,13 +429,13 @@ in { description = "Indico database preparation and upgrade"; after = [ "postgresql.service" ]; serviceConfig.Type = "oneshot"; - # Source: pretalx module ; passer par un service oneshot + # Source: pretalx module script = '' versionFile="${cfg.stateDir}/version" if [[ ! -f "$versionFile" ]]; then ${lib.getExe' config.services.postgresql.package "psql"} \ - -d "${cfg.database}" \ - -c "${psqlExtensionsCommands}" + -d ${lib.escapeShellArg cfg.database} \ + -c ${lib.escapeShellArg psqlExtensionsCommands} ${lib.getExe' pythonEnv "indico"} db prepare echo "${indico.version}" > "$versionFile" fi @@ -473,20 +470,33 @@ in { "indico-worker.service" "indico-db.service" ]; - # TODO bind on a TCP socket when cfg.nginx.enable == false? - serviceConfig.ExecStart = '' - ${lib.getExe' pythonEnv "gunicorn"} \ - --bind unix:${indicoSocket} \ - --name=indico \ - indico.web.wsgi - ''; + # TODO bind TCP si pas nginx + serviceConfig = { + Type = "notify"; + NotifyAccess = "main"; + ExecStart = '' + ${lib.getExe' pythonEnv "gunicorn"} \ + --name=indico indico.web.wsgi + ''; + ExecReload = "/bin/kill -s HUP $MAINPID"; + KillMode = "mixed"; + PrivateTmp = "true"; + }; }; }; systemd.sockets = lib.mkIf cfg.nginx.enable { - indico-web.socketConfig = { - ListenStream = indicoSocket; - SocketUser = config.services.nginx.user; + indico-web = { + description = "Indico socket"; + wantedBy = [ "sockets.target" ]; + partOf = [ "indico-web.service" ]; + before = [ "nginx.service" ]; + socketConfig = { + ListenStream = indicoSocket; + SocketUser = cfg.user; + SocketGroup = cfg.group; + SocketMode = "0660"; + }; }; };
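Review bot: `versionFile="${cfg.stateDir}/version"` at the top of the script still splices a module option into shell text unescaped, which is the same pattern this hunk fixes for the two psql arguments. For consistency it could be written `versionFile=${lib.escapeShellArg "${cfg.stateDir}/version"}`, so that a state directory path containing `"`, `$` or a backtick cannot alter the script. The script continues past the `fi` outside this hunk, so other uses of the path are not visible here.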
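Review bot: The socket is now owned by `cfg.user`/`cfg.group` with `SocketMode = "0660"`, where before it was owned by `config.services.nginx.user`, so nginx can connect only if its user is a member of the Indico group, and nothing in this patch sets that membership. Adding nginx to that group would also give it group access to the 0750 cache, tmp and storage directories; a narrower option is to keep the service account as owner and set `SocketGroup = config.services.nginx.group;`. Separately, `ExecReload = "/bin/kill -s HUP $MAINPID";` names a path that a standard NixOS system does not provide, so reload would presumably fail; a store path such as `"${pkgs.coreutils}/bin/kill -s HUP $MAINPID"` is the usual form, assuming `pkgs` is in scope in this module. With `cfg.nginx.enable == false` no socket unit is defined and the `--bind` flag is gone, so gunicorn falls back to its default listen address, which the French TODO `bind TCP si pas nginx` leaves unresolved.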