federez/nix
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

indico: slightly better socket/unit config

Browse source 
Signed-off-by: Jeltz <jeltz@federez.net>
This commit is contained in:
jeltz 2025-02-28 11:07:01 +01:00
parent e47358876e
commit b1039a6859
Signed by: jeltz
GPG key ID: 800882B66C0C3326
1 changed files with 28 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

40
modules/indico.nix
View file

@ -18,7 +18,7 @@ let
++ lib.optionals (cfg.ldap != null) ++ lib.optionals (cfg.ldap != null)
indico.optional-dependencies.ldap); indico.optional-dependencies.ldap);
redisSocket = config.services.redis.servers.${cfg.redis.name}.unixSocket; redisSocket = config.services.redis.servers.${cfg.redis.name}.unixSocket;
indicoSocket = "/run/indico/indico.sock"; indicoSocket = "${cfg.stateDir}/indico.sock";
baseDir = "${pythonEnv}/${pythonEnv.sitePackages}/indico"; baseDir = "${pythonEnv}/${pythonEnv.sitePackages}/indico";
loggingFile = yamlFmt.generate "logging.yaml" { loggingFile = yamlFmt.generate "logging.yaml" {
version = 1; version = 1;
@ -403,7 +403,7 @@ in {
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}' 0755 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/cache' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.stateDir}/tmp' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/tmp' 0750 ${cfg.user} ${cfg.group} - -"
"d '${cfg.storageDir}' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.storageDir}' 0750 ${cfg.user} ${cfg.group} - -"
@ -415,15 +415,12 @@ in {
CREATE EXTENSION IF NOT EXISTS unaccent; CREATE EXTENSION IF NOT EXISTS unaccent;
CREATE EXTENSION IF NOT EXISTS pg_trgm; CREATE EXTENSION IF NOT EXISTS pg_trgm;
''; '';
# TODO StateDirectory, CacheDirectory?
common = { common = {
environment.INDICO_CONFIG = configFile; environment.INDICO_CONFIG = configFile;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Group = cfg.group; Group = cfg.group;
User = cfg.user; User = cfg.user;
# Restart = "on-failure";
RuntimeDirectory = "indico";
}; };
}; };
in in
@ -432,13 +429,13 @@ in {
description = "Indico database preparation and upgrade"; description = "Indico database preparation and upgrade";
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
# Source: pretalx module ; passer par un service oneshot # Source: pretalx module
script = '' script = ''
versionFile="${cfg.stateDir}/version" versionFile="${cfg.stateDir}/version"
if [[ ! -f "$versionFile" ]]; then if [[ ! -f "$versionFile" ]]; then
${lib.getExe' config.services.postgresql.package "psql"} \ ${lib.getExe' config.services.postgresql.package "psql"} \
-d "${cfg.database}" \ -d ${lib.escapeShellArg cfg.database} \
-c "${psqlExtensionsCommands}" -c ${lib.escapeShellArg psqlExtensionsCommands}
${lib.getExe' pythonEnv "indico"} db prepare ${lib.getExe' pythonEnv "indico"} db prepare
echo "${indico.version}" > "$versionFile" echo "${indico.version}" > "$versionFile"
fi fi
@ -473,20 +470,33 @@ in {
"indico-worker.service" "indico-worker.service"
"indico-db.service" "indico-db.service"
]; ];
# TODO bind on a TCP socket when cfg.nginx.enable == false? # TODO bind TCP si pas nginx
serviceConfig.ExecStart = '' serviceConfig = {
Type = "notify";
NotifyAccess = "main";
ExecStart = ''
${lib.getExe' pythonEnv "gunicorn"} \ ${lib.getExe' pythonEnv "gunicorn"} \
--bind unix:${indicoSocket} \ --name=indico indico.web.wsgi
--name=indico \
indico.web.wsgi
''; '';
ExecReload = "/bin/kill -s HUP $MAINPID";
KillMode = "mixed";
PrivateTmp = "true";
};
}; };
}; };
systemd.sockets = lib.mkIf cfg.nginx.enable { systemd.sockets = lib.mkIf cfg.nginx.enable {
indico-web.socketConfig = { indico-web = {
description = "Indico socket";
wantedBy = [ "sockets.target" ];
partOf = [ "indico-web.service" ];
before = [ "nginx.service" ];
socketConfig = {
ListenStream = indicoSocket; ListenStream = indicoSocket;
SocketUser = config.services.nginx.user; SocketUser = cfg.user;
SocketGroup = cfg.group;
SocketMode = "0660";
};
}; };
}; };