nixos/miniflux: use systemd notify and watchdog
Miniflux supports notifying systemd when it's ready. It also supports the systemd watchdog, which will restart miniflux when it's stuck.
This commit is contained in:
parent
73cb87fe15
commit
212c34f8c0
@ -1,7 +1,7 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) mkEnableOption mkPackageOption mkOption types literalExpression mkIf mkDefault;
|
||||||
cfg = config.services.miniflux;
|
cfg = config.services.miniflux;
|
||||||
|
|
||||||
defaultAddress = "localhost:8080";
|
defaultAddress = "localhost:8080";
|
||||||
@ -20,8 +20,8 @@ in
|
|||||||
|
|
||||||
package = mkPackageOption pkgs "miniflux" { };
|
package = mkPackageOption pkgs "miniflux" { };
|
||||||
|
|
||||||
createDatabaseLocally = lib.mkOption {
|
createDatabaseLocally = mkOption {
|
||||||
type = lib.types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = ''
|
description = ''
|
||||||
Whether a PostgreSQL database should be automatically created and
|
Whether a PostgreSQL database should be automatically created and
|
||||||
@ -66,6 +66,7 @@ in
|
|||||||
DATABASE_URL = lib.mkIf cfg.createDatabaseLocally "user=miniflux host=/run/postgresql dbname=miniflux";
|
DATABASE_URL = lib.mkIf cfg.createDatabaseLocally "user=miniflux host=/run/postgresql dbname=miniflux";
|
||||||
RUN_MIGRATIONS = 1;
|
RUN_MIGRATIONS = 1;
|
||||||
CREATE_ADMIN = 1;
|
CREATE_ADMIN = 1;
|
||||||
|
WATCHDOG = 1;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresql = lib.mkIf cfg.createDatabaseLocally {
|
services.postgresql = lib.mkIf cfg.createDatabaseLocally {
|
||||||
@ -96,12 +97,18 @@ in
|
|||||||
++ lib.optionals cfg.createDatabaseLocally [ "postgresql.service" "miniflux-dbsetup.service" ];
|
++ lib.optionals cfg.createDatabaseLocally [ "postgresql.service" "miniflux-dbsetup.service" ];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${cfg.package}/bin/miniflux";
|
Type = "notify";
|
||||||
|
ExecStart = lib.getExe cfg.package;
|
||||||
User = "miniflux";
|
User = "miniflux";
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
RuntimeDirectory = "miniflux";
|
RuntimeDirectory = "miniflux";
|
||||||
RuntimeDirectoryMode = "0750";
|
RuntimeDirectoryMode = "0750";
|
||||||
EnvironmentFile = cfg.adminCredentialsFile;
|
EnvironmentFile = cfg.adminCredentialsFile;
|
||||||
|
WatchdogSec = 60;
|
||||||
|
WatchdogSignal = "SIGKILL";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 5;
|
||||||
|
|
||||||
# Hardening
|
# Hardening
|
||||||
CapabilityBoundingSet = [ "" ];
|
CapabilityBoundingSet = [ "" ];
|
||||||
DeviceAllow = [ "" ];
|
DeviceAllow = [ "" ];
|
||||||
|
Loading…
Reference in New Issue
Block a user