author | Picnoir <picnoir@alternativebit.fr> | 2024-09-27 09:46:56 +0200 |
---|---|---|
committer | Picnoir <picnoir@alternativebit.fr> | 2024-09-27 19:29:41 +0200 |
commit | aa666ce8f13fb3610328720e1e8f08c5daa6e2a2 (patch) | |
tree | 516efe6d5faa691fc2c21109d15a5ad1297a612d | |
parent | e7edb951424c5176ec97d91db9213b367920e6d4 (diff) |
nixos/pleroma: move migrations to their own systemd unit
Running the migrations in a systemd ExecStartPre was a mistake. The migrations can take a long time to run and easily time out. Moving them to a proper oneshot service solves this issue and fits the systemd execution model better. We can now easily filter the migration logs.
-rw-r--r-- | nixos/modules/services/networking/pleroma.nix | 63 |
1 files changed, 39 insertions, 24 deletions
diff --git a/nixos/modules/services/networking/pleroma.nix b/nixos/modules/services/networking/pleroma.nix
index a152b72143dae..b527f4ab329ce 100644
--- a/nixos/modules/services/networking/pleroma.nix
+++ b/nixos/modules/services/networking/pleroma.nix
@@ -1,4 +1,4 @@
-{ config, options, lib, pkgs, stdenv, ... }:
+{ config, lib, pkgs, ... }:
 let
 cfg = config.services.pleroma;
 in {
@@ -90,21 +90,33 @@ in {
 import_config "${cfg.secretConfigFile}"
 '';
- systemd.services.pleroma = {
- description = "Pleroma social network";
- wants = [ "network-online.target" ];
- after = [ "network-online.target" "postgresql.service" ];
- wantedBy = [ "multi-user.target" ];
- restartTriggers = [ config.environment.etc."/pleroma/config.exs".source ];
- environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
- serviceConfig = {
+ systemd.services = let
+ commonSystemdServiceConfig = {
 User = cfg.user;
 Group = cfg.group;
- Type = "exec";
 WorkingDirectory = "~";
 StateDirectory = "pleroma pleroma/static pleroma/uploads";
 StateDirectoryMode = "700";
+ # Systemd sandboxing directives.
+ # Taken from the upstream contrib systemd service at
+ # pleroma/installation/pleroma.service
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectSystem = "full";
+ PrivateDevices = false;
+ NoNewPrivileges = true;
+ CapabilityBoundingSet = "~CAP_SYS_ADMIN";
+ };
+ in {
+ pleroma-migrations = {
+ description = "Pleroma social network migrations";
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" "postgresql.service" ];
+ wantedBy = [ "pleroma.service" ];
+ environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
+ serviceConfig = commonSystemdServiceConfig // {
+ Type = "oneshot";
 # Checking the conf file is there then running the database
 # migration before each service start, just in case there are
 # some pending ones.
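Review bot: `environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";` on the new pleroma-migrations unit (and again on the pleroma unit in the last hunk) sets the variable to a file path, while standard Elixir release scripts read `RELEASE_COOKIE` as the cookie value itself. If the packaged `pleroma` and `pleroma_ctl` launchers follow that convention, the node's distribution cookie is this fixed, publicly known string rather than the contents of the cookie file the migration script creates; this should be confirmed against the packaged scripts. If it holds, the value should be read from the file before the binaries are called, e.g. `export RELEASE_COOKIE="$(< /var/lib/pleroma/.cookie)"` in a wrapper used by both units. The setting predates this commit, but it is now duplicated, so defining it once in the `let` next to `commonSystemdServiceConfig` would keep the two units from drifting. The `serviceConfig` set opened at the end of this hunk continues in the following hunks.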
@@ -112,8 +124,8 @@ in {
 # It's sub-optimal as we'll always run this, even if pleroma
 # has not been updated. But the no-op process is pretty fast.
 # Better be safe than sorry migration-wise.
- ExecStartPre =
- let preScript = pkgs.writers.writeBashBin "pleromaStartPre" ''
+ ExecStart =
+ let preScript = pkgs.writers.writeBashBin "pleroma-migrations" ''
 if [ ! -f /var/lib/pleroma/.cookie ]
 then
 echo "Creating cookie file"
@@ -121,26 +133,29 @@ in {
 fi
 ${cfg.package}/bin/pleroma_ctl migrate
 '';
- in "${preScript}/bin/pleromaStartPre";
+ in "${preScript}/bin/pleroma-migrations";
+ };
+ # disksup requires bash
+ path = [ pkgs.bash ];
+ };
+ pleroma = {
+ description = "Pleroma social network";
+ wants = [ "pleroma-migrations.service" ];
+ after = [ "pleroma-migrations.service" ];
+ wantedBy = [ "multi-user.target" ];
+ restartTriggers = [ config.environment.etc."/pleroma/config.exs".source ];
+ environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
+ serviceConfig = commonSystemdServiceConfig // {
+ Type = "exec";
 ExecStart = "${cfg.package}/bin/pleroma start";
 ExecStop = "${cfg.package}/bin/pleroma stop";
 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-
- # Systemd sandboxing directives.
- # Taken from the upstream contrib systemd service at
- # pleroma/installation/pleroma.service
- PrivateTmp = true;
- ProtectHome = true;
- ProtectSystem = "full";
- PrivateDevices = false;
- NoNewPrivileges = true;
- CapabilityBoundingSet = "~CAP_SYS_ADMIN";
 };
 # disksup requires bash
 path = [ pkgs.bash ];
 };
-
+ };
 };
 meta.maintainers = with lib.maintainers; [ picnoir ];
 meta.doc = ./pleroma.md; |
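Review bot: The new pleroma unit declares only `wants = [ "pleroma-migrations.service" ];`, which is a weak dependency: if the oneshot fails, systemd still starts pleroma, whereas a failing `ExecStartPre` used to abort the start. Unless that change is intended, `requires = [ "pleroma-migrations.service" ];` together with the existing `after` would keep the server from running against a database whose migrations did not complete. The `wantedBy = [ "pleroma.service" ]` on the migrations unit in the earlier hunk already duplicates this `wants` and could be dropped. A short comment on the unit stating whether pleroma may start after a failed migration would record the intent.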