diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-02-07 15:19:21 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-02-07 23:35:47 +0000 |
commit | e5013c05a2f845255debf94318ab38ecef1c186b (patch) | |
tree | bec11a0bd31d3432a16899e5539f1098f1c168a4 /nixpkgs/nixos/modules/services/misc/pykms.nix | |
parent | 4fc07c92ec07cafcf6d56143ea7334693143ef88 (diff) | |
parent | 2d2f10475138b7206572dc3ec288184df2be022e (diff) | |
download | nixlib-e5013c05a2f845255debf94318ab38ecef1c186b.tar nixlib-e5013c05a2f845255debf94318ab38ecef1c186b.tar.gz nixlib-e5013c05a2f845255debf94318ab38ecef1c186b.tar.bz2 nixlib-e5013c05a2f845255debf94318ab38ecef1c186b.tar.lz nixlib-e5013c05a2f845255debf94318ab38ecef1c186b.tar.xz nixlib-e5013c05a2f845255debf94318ab38ecef1c186b.tar.zst nixlib-e5013c05a2f845255debf94318ab38ecef1c186b.zip |
Merge commit '2d2f10475138b7206572dc3ec288184df2be022e'
Diffstat (limited to 'nixpkgs/nixos/modules/services/misc/pykms.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/misc/pykms.nix | 67 |
1 files changed, 27 insertions, 40 deletions
diff --git a/nixpkgs/nixos/modules/services/misc/pykms.nix b/nixpkgs/nixos/modules/services/misc/pykms.nix index a11296e1bd02..ef90d124a284 100644 --- a/nixpkgs/nixos/modules/services/misc/pykms.nix +++ b/nixpkgs/nixos/modules/services/misc/pykms.nix @@ -5,20 +5,8 @@ with lib; let cfg = config.services.pykms; - home = "/var/lib/pykms"; - - services = { - serviceConfig = { - Restart = "on-failure"; - RestartSec = "10s"; - StartLimitInterval = "1min"; - PrivateTmp = true; - ProtectSystem = "full"; - ProtectHome = true; - }; - }; - in { + meta.maintainers = with lib.maintainers; [ peterhoeg ]; options = { services.pykms = rec { @@ -51,39 +39,38 @@ in { default = false; description = "Whether the listening port should be opened automatically."; }; + + memoryLimit = mkOption { + type = types.str; + default = "64M"; + description = "How much memory to use at most."; + }; }; }; config = mkIf cfg.enable { networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ]; - systemd.services = { - pykms = services // { - description = "Python KMS"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = with pkgs; { - User = "pykms"; - Group = "pykms"; - ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db"; - ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}"; - WorkingDirectory = home; - MemoryLimit = "64M"; - }; - }; - }; - - users = { - users.pykms = { - name = "pykms"; - group = "pykms"; - home = home; - createHome = true; - uid = config.ids.uids.pykms; - description = "PyKMS daemon user"; - }; - - groups.pykms = { - gid = config.ids.gids.pykms; + systemd.services.pykms = let + home = "/var/lib/pykms"; + in { + description = "Python KMS"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + # python programs with DynamicUser = true require HOME to be set + environment.HOME = home; + serviceConfig = with pkgs; { + DynamicUser = true; + StateDirectory = baseNameOf home; + ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db"; + ExecStart = lib.concatStringsSep " " ([ + "${getBin pykms}/bin/server.py" + cfg.listenAddress + (toString cfg.port) + ] ++ lib.optional cfg.verbose "--verbose"); + WorkingDirectory = home; + Restart = "on-failure"; + MemoryLimit = cfg.memoryLimit; }; }; }; |