pyrox.dev / nixpkgs
lol
fork atom

nixos/miniflux: use systemd notify and watchdog

Miniflux supports notifying systemd when it's ready.
It also supports the systemd watchdog, which will restart miniflux when it's stuck.

Marie Ramlow 212c34f8 73cb87fe

options
unified split
Changed files
+11 -4
nixos
modules
services
web-apps
miniflux.nix
+11 -4
nixos/modules/services/web-apps/miniflux.nix 
···

       
1

       
1

       
 

       
{ config, lib, pkgs, ... }:


     

       
2

       
2

       
 

       



     

       
3

       

       
-

       
with lib;


     

       
4

       
3

       
 

       
let


     

       

       
4

       
+

       
  inherit (lib) mkEnableOption mkPackageOption mkOption types literalExpression mkIf mkDefault;


     

       
5

       
5

       
 

       
  cfg = config.services.miniflux;


     

       
6

       
6

       
 

       



     

       
7

       
7

       
 

       
  defaultAddress = "localhost:8080";


     
···

       
20

       
20

       
 

       



     

       
21

       
21

       
 

       
      package = mkPackageOption pkgs "miniflux" { };


     

       
22

       
22

       
 

       



     

       
23

       

       
-

       
      createDatabaseLocally = lib.mkOption {


     

       
24

       

       
-

       
        type = lib.types.bool;


     

       

       
23

       
+

       
      createDatabaseLocally = mkOption {


     

       

       
24

       
+

       
        type = types.bool;


     

       
25

       
25

       
 

       
        default = true;


     

       
26

       
26

       
 

       
        description = ''


     

       
27

       
27

       
 

       
          Whether a PostgreSQL database should be automatically created and


     
···

       
66

       
66

       
 

       
      DATABASE_URL = lib.mkIf cfg.createDatabaseLocally "user=miniflux host=/run/postgresql dbname=miniflux";


     

       
67

       
67

       
 

       
      RUN_MIGRATIONS = 1;


     

       
68

       
68

       
 

       
      CREATE_ADMIN = 1;


     

       

       
69

       
+

       
      WATCHDOG = 1;


     

       
69

       
70

       
 

       
    };


     

       
70

       
71

       
 

       



     

       
71

       
72

       
 

       
    services.postgresql = lib.mkIf cfg.createDatabaseLocally {


     
···

       
96

       
97

       
 

       
        ++ lib.optionals cfg.createDatabaseLocally [ "postgresql.service" "miniflux-dbsetup.service" ];


     

       
97

       
98

       
 

       



     

       
98

       
99

       
 

       
      serviceConfig = {


     

       
99

       

       
-

       
        ExecStart = "${cfg.package}/bin/miniflux";


     

       

       
100

       
+

       
        Type = "notify";


     

       

       
101

       
+

       
        ExecStart = lib.getExe cfg.package;


     

       
100

       
102

       
 

       
        User = "miniflux";


     

       
101

       
103

       
 

       
        DynamicUser = true;


     

       
102

       
104

       
 

       
        RuntimeDirectory = "miniflux";


     

       
103

       
105

       
 

       
        RuntimeDirectoryMode = "0750";


     

       
104

       
106

       
 

       
        EnvironmentFile = cfg.adminCredentialsFile;


     

       

       
107

       
+

       
        WatchdogSec = 60;


     

       

       
108

       
+

       
        WatchdogSignal = "SIGKILL";


     

       

       
109

       
+

       
        Restart = "always";


     

       

       
110

       
+

       
        RestartSec = 5;


     

       

       
111

       
+

       



     

       
105

       
112

       
 

       
        # Hardening


     

       
106

       
113

       
 

       
        CapabilityBoundingSet = [ "" ];


     

       
107

       
114

       
 

       
        DeviceAllow = [ "" ];