pyrox.dev / nixpkgs
lol
fork atom

nixos/mastodon: Allow configuring sidekiq processes

This change allows the number of sidekiq processes and which job classes
they handle to be configured.

An instance admin may choose to have separate sidekiq processes handling
jobs related to local users (`default` job class) and jobs related to
federation (`push`, `pull`, `ingress`), so that as the instance grows
and takes on more federation traffic, the local users' experience is not
as impacted.

For more details, see https://docs.joinmastodon.org/admin/scaling/#sidekiq

This pr also includes the following changes suggested in review:

- adds syslog identifiers for mastodon services
- moves working directory config to common cfgService
- adds mastodon.target

Viv Lim c778f4d2 3a78cc53

options
unified split
Changed files
+89 -32
nixos
modules
services
web-apps
mastodon.nix
tests
web-apps
mastodon
script.nix
+88 -31
nixos/modules/services/web-apps/mastodon.nix 
···

       
48

       
 

       
    # User and group


     

       
49

       
 

       
    User = cfg.user;


     

       
50

       
 

       
    Group = cfg.group;


     

       

       

       
     

       

       

       
     

       
51

       
 

       
    # State directory and mode


     

       
52

       
 

       
    StateDirectory = "mastodon";


     

       
53

       
 

       
    StateDirectoryMode = "0750";


     
···

       
110

       
 

       
    $sudo ${cfg.package}/bin/tootctl "$@"


     

       
111

       
 

       
  '';


     

       
112

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
113

       
 

       
in {


     

       
114

       
 

       



     

       
115

       
 

       
  options = {


     
···

       
195

       
 

       
        type = lib.types.port;


     

       
196

       
 

       
        default = 55002;


     

       
197

       
 

       
      };


     

       

       

       
     

       
198

       
 

       
      sidekiqThreads = lib.mkOption {


     

       
199

       
-

       
        description = lib.mdDoc "Worker threads used by the mastodon-sidekiq service.";


     

       
200

       
 

       
        type = lib.types.int;


     

       
201

       
 

       
        default = 25;


     

       
202

       
 

       
      };


     

       
203

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
204

       
 

       
      vapidPublicKeyFile = lib.mkOption {


     

       
205

       
 

       
        description = lib.mdDoc ''


     

       
206

       
 

       
          Path to file containing the public key used for Web Push


     
···

       
482

       
 

       
    };


     

       
483

       
 

       
  };


     

       
484

       
 

       



     

       
485

       
-

       
  config = lib.mkIf cfg.enable {


     

       
486

       
 

       
    assertions = [


     

       
487

       
 

       
      {


     

       
488

       
 

       
        assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.database.user);


     
···

       
517

       
 

       



     

       
518

       
 

       
    environment.systemPackages = [ mastodonTootctl ];


     

       
519

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
520

       
 

       
    systemd.services.mastodon-init-dirs = {


     

       
521

       
 

       
      script = ''


     

       
522

       
 

       
        umask 077


     
···

       
551

       
 

       
      environment = env;


     

       
552

       
 

       
      serviceConfig = {


     

       
553

       
 

       
        Type = "oneshot";


     

       
554

       
-

       
        WorkingDirectory = cfg.package;


     

       
555

       
 

       
        # System Call Filtering


     

       
556

       
 

       
        SystemCallFilter = [ ("~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ])) "@chown" "pipe" "pipe2" ];


     

       
557

       
 

       
      } // cfgService;


     
···

       
609

       
 

       
      requires = [ "mastodon-init-dirs.service" ]


     

       
610

       
 

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
611

       
 

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
612

       
-

       
      wantedBy = [ "multi-user.target" ];


     

       
613

       
 

       
      description = "Mastodon streaming";


     

       
614

       
 

       
      environment = env // (if cfg.enableUnixSocket


     

       
615

       
 

       
        then { SOCKET = "/run/mastodon-streaming/streaming.socket"; }


     
···

       
636

       
 

       
      requires = [ "mastodon-init-dirs.service" ]


     

       
637

       
 

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
638

       
 

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
639

       
-

       
      wantedBy = [ "multi-user.target" ];


     

       
640

       
 

       
      description = "Mastodon web";


     

       
641

       
 

       
      environment = env // (if cfg.enableUnixSocket


     

       
642

       
 

       
        then { SOCKET = "/run/mastodon-web/web.socket"; }


     
···

       
657

       
 

       
      path = with pkgs; [ file imagemagick ffmpeg ];


     

       
658

       
 

       
    };


     

       
659

       
 

       



     

       
660

       
-

       
    systemd.services.mastodon-sidekiq = {


     

       
661

       
-

       
      after = [ "network.target" "mastodon-init-dirs.service" ]


     

       
662

       
-

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
663

       
-

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
664

       
-

       
      requires = [ "mastodon-init-dirs.service" ]


     

       
665

       
-

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
666

       
-

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
667

       
-

       
      wantedBy = [ "multi-user.target" ];


     

       
668

       
-

       
      description = "Mastodon sidekiq";


     

       
669

       
-

       
      environment = env // {


     

       
670

       
-

       
        PORT = toString(cfg.sidekiqPort);


     

       
671

       
-

       
        DB_POOL = toString cfg.sidekiqThreads;


     

       
672

       
-

       
      };


     

       
673

       
-

       
      serviceConfig = {


     

       
674

       
-

       
        ExecStart = "${cfg.package}/bin/sidekiq -c ${toString cfg.sidekiqThreads} -r ${cfg.package}";


     

       
675

       
-

       
        Restart = "always";


     

       
676

       
-

       
        RestartSec = 20;


     

       
677

       
-

       
        EnvironmentFile = [ "/var/lib/mastodon/.secrets_env" ] ++ cfg.extraEnvFiles;


     

       
678

       
-

       
        WorkingDirectory = cfg.package;


     

       
679

       
-

       
        # System Call Filtering


     

       
680

       
-

       
        SystemCallFilter = [ ("~" + lib.concatStringsSep " " systemCallsList) "@chown" "pipe" "pipe2" ];


     

       
681

       
-

       
      } // cfgService;


     

       
682

       
-

       
      path = with pkgs; [ file imagemagick ffmpeg ];


     

       
683

       
-

       
    };


     

       
684

       
-

       



     

       
685

       
 

       
    systemd.services.mastodon-media-auto-remove = lib.mkIf cfg.mediaAutoRemove.enable {


     

       
686

       
 

       
      description = "Mastodon media auto remove";


     

       
687

       
 

       
      environment = env;


     
···

       
757

       
 

       
    ];


     

       
758

       
 

       



     

       
759

       
 

       
    users.groups.${cfg.group}.members = lib.optional cfg.configureNginx config.services.nginx.user;


     

       
760

       
-

       
  };


     

       

       

       
     

       

       

       
     

       
761

       
 

       



     

       
762

       
 

       
  meta.maintainers = with lib.maintainers; [ happy-river erictapen ];


     

       
763

       
 

       



     
···

       
48

       
 

       
    # User and group


     

       
49

       
 

       
    User = cfg.user;


     

       
50

       
 

       
    Group = cfg.group;


     

       
51

       
+

       
    # Working directory


     

       
52

       
+

       
    WorkingDirectory = cfg.package;


     

       
53

       
 

       
    # State directory and mode


     

       
54

       
 

       
    StateDirectory = "mastodon";


     

       
55

       
 

       
    StateDirectoryMode = "0750";


     
···

       
112

       
 

       
    $sudo ${cfg.package}/bin/tootctl "$@"


     

       
113

       
 

       
  '';


     

       
114

       
 

       



     

       
115

       
+

       
  sidekiqUnits = lib.attrsets.mapAttrs' (name: processCfg:


     

       
116

       
+

       
    lib.nameValuePair "mastodon-sidekiq-${name}" (let


     

       
117

       
+

       
      jobClassArgs = toString (builtins.map (c: "-q ${c}") processCfg.jobClasses);


     

       
118

       
+

       
      jobClassLabel = toString ([""] ++ processCfg.jobClasses);


     

       
119

       
+

       
      threads = toString (if processCfg.threads == null then cfg.sidekiqThreads else processCfg.threads);


     

       
120

       
+

       
    in {


     

       
121

       
+

       
      after = [ "network.target" "mastodon-init-dirs.service" ]


     

       
122

       
+

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
123

       
+

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
124

       
+

       
      requires = [ "mastodon-init-dirs.service" ]


     

       
125

       
+

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
126

       
+

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
127

       
+

       
      description = "Mastodon sidekiq${jobClassLabel}";


     

       
128

       
+

       
      wantedBy = [ "mastodon.target" ];


     

       
129

       
+

       
      environment = env // {


     

       
130

       
+

       
        PORT = toString(cfg.sidekiqPort);


     

       
131

       
+

       
        DB_POOL = threads;


     

       
132

       
+

       
      };


     

       
133

       
+

       
      serviceConfig = {


     

       
134

       
+

       
        ExecStart = "${cfg.package}/bin/sidekiq ${jobClassArgs} -c ${threads} -r ${cfg.package}";


     

       
135

       
+

       
        Restart = "always";


     

       
136

       
+

       
        RestartSec = 20;


     

       
137

       
+

       
        EnvironmentFile = [ "/var/lib/mastodon/.secrets_env" ] ++ cfg.extraEnvFiles;


     

       
138

       
+

       
        WorkingDirectory = cfg.package;


     

       
139

       
+

       
        # System Call Filtering


     

       
140

       
+

       
        SystemCallFilter = [ ("~" + lib.concatStringsSep " " systemCallsList) "@chown" "pipe" "pipe2" ];


     

       
141

       
+

       
      } // cfgService;


     

       
142

       
+

       
      path = with pkgs; [ file imagemagick ffmpeg ];


     

       
143

       
+

       
    })


     

       
144

       
+

       
  ) cfg.sidekiqProcesses;


     

       
145

       
+

       



     

       
146

       
 

       
in {


     

       
147

       
 

       



     

       
148

       
 

       
  options = {


     
···

       
228

       
 

       
        type = lib.types.port;


     

       
229

       
 

       
        default = 55002;


     

       
230

       
 

       
      };


     

       
231

       
+

       



     

       
232

       
 

       
      sidekiqThreads = lib.mkOption {


     

       
233

       
+

       
        description = lib.mdDoc "Worker threads used by the mastodon-sidekiq-all service. If `sidekiqProcesses` is configured and any processes specify null `threads`, this value is used.";


     

       
234

       
 

       
        type = lib.types.int;


     

       
235

       
 

       
        default = 25;


     

       
236

       
 

       
      };


     

       
237

       
 

       



     

       
238

       
+

       
      sidekiqProcesses = lib.mkOption {


     

       
239

       
+

       
        description = lib.mdDoc "How many Sidekiq processes should be used to handle background jobs, and which job classes they handle. *Read the [upstream documentation](https://docs.joinmastodon.org/admin/scaling/#sidekiq) before configuring this!*";


     

       
240

       
+

       
        type = with lib.types; attrsOf (submodule {


     

       
241

       
+

       
          options = {


     

       
242

       
+

       
            jobClasses = lib.mkOption {


     

       
243

       
+

       
              type = listOf (enum [ "default" "push" "pull" "mailers" "scheduler" "ingress" ]);


     

       
244

       
+

       
              description = lib.mdDoc "If not empty, which job classes should be executed by this process. *Only one process should handle the 'scheduler' class. If left empty, this process will handle the 'scheduler' class.*";


     

       
245

       
+

       
            };


     

       
246

       
+

       
            threads = lib.mkOption {


     

       
247

       
+

       
              type = nullOr int;


     

       
248

       
+

       
              description = lib.mdDoc "Number of threads this process should use for executing jobs. If null, the configured `sidekiqThreads` are used.";


     

       
249

       
+

       
            };


     

       
250

       
+

       
          };


     

       
251

       
+

       
        });


     

       
252

       
+

       
        default = {


     

       
253

       
+

       
          all = {


     

       
254

       
+

       
            jobClasses = [ ];


     

       
255

       
+

       
            threads = null;


     

       
256

       
+

       
          };


     

       
257

       
+

       
        };


     

       
258

       
+

       
        example = {


     

       
259

       
+

       
          all = {


     

       
260

       
+

       
            jobClasses = [ ];


     

       
261

       
+

       
            threads = null;


     

       
262

       
+

       
          };


     

       
263

       
+

       
          ingress = {


     

       
264

       
+

       
            jobClasses = [ "ingress" ];


     

       
265

       
+

       
            threads = 5;


     

       
266

       
+

       
          };


     

       
267

       
+

       
          default = {


     

       
268

       
+

       
            jobClasses = [ "default" ];


     

       
269

       
+

       
            threads = 10;


     

       
270

       
+

       
          };


     

       
271

       
+

       
          push-pull = {


     

       
272

       
+

       
            jobClasses = [ "push" "pull" ];


     

       
273

       
+

       
            threads = 5;


     

       
274

       
+

       
          };


     

       
275

       
+

       
        };


     

       
276

       
+

       
      };


     

       
277

       
+

       



     

       
278

       
 

       
      vapidPublicKeyFile = lib.mkOption {


     

       
279

       
 

       
        description = lib.mdDoc ''


     

       
280

       
 

       
          Path to file containing the public key used for Web Push


     
···

       
556

       
 

       
    };


     

       
557

       
 

       
  };


     

       
558

       
 

       



     

       
559

       
+

       
  config = lib.mkIf cfg.enable (lib.mkMerge [{


     

       
560

       
 

       
    assertions = [


     

       
561

       
 

       
      {


     

       
562

       
 

       
        assertion = databaseActuallyCreateLocally -> (cfg.user == cfg.database.user);


     
···

       
591

       
 

       



     

       
592

       
 

       
    environment.systemPackages = [ mastodonTootctl ];


     

       
593

       
 

       



     

       
594

       
+

       
    systemd.targets.mastodon = {


     

       
595

       
+

       
      description = "Target for all Mastodon services";


     

       
596

       
+

       
      wantedBy = [ "multi-user.target" ];


     

       
597

       
+

       
      after = [ "network.target" ];


     

       
598

       
+

       
    };


     

       
599

       
+

       



     

       
600

       
 

       
    systemd.services.mastodon-init-dirs = {


     

       
601

       
 

       
      script = ''


     

       
602

       
 

       
        umask 077


     
···

       
631

       
 

       
      environment = env;


     

       
632

       
 

       
      serviceConfig = {


     

       
633

       
 

       
        Type = "oneshot";


     

       
634

       
+

       
        SyslogIdentifier = "mastodon-init-dirs";


     

       
635

       
 

       
        # System Call Filtering


     

       
636

       
 

       
        SystemCallFilter = [ ("~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ])) "@chown" "pipe" "pipe2" ];


     

       
637

       
 

       
      } // cfgService;


     
···

       
689

       
 

       
      requires = [ "mastodon-init-dirs.service" ]


     

       
690

       
 

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
691

       
 

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
692

       
+

       
      wantedBy = [ "mastodon.target" ];


     

       
693

       
 

       
      description = "Mastodon streaming";


     

       
694

       
 

       
      environment = env // (if cfg.enableUnixSocket


     

       
695

       
 

       
        then { SOCKET = "/run/mastodon-streaming/streaming.socket"; }


     
···

       
716

       
 

       
      requires = [ "mastodon-init-dirs.service" ]


     

       
717

       
 

       
        ++ lib.optional databaseActuallyCreateLocally "postgresql.service"


     

       
718

       
 

       
        ++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";


     

       
719

       
+

       
      wantedBy = [ "mastodon.target" ];


     

       
720

       
 

       
      description = "Mastodon web";


     

       
721

       
 

       
      environment = env // (if cfg.enableUnixSocket


     

       
722

       
 

       
        then { SOCKET = "/run/mastodon-web/web.socket"; }


     
···

       
737

       
 

       
      path = with pkgs; [ file imagemagick ffmpeg ];


     

       
738

       
 

       
    };


     

       
739

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
740

       
 

       
    systemd.services.mastodon-media-auto-remove = lib.mkIf cfg.mediaAutoRemove.enable {


     

       
741

       
 

       
      description = "Mastodon media auto remove";


     

       
742

       
 

       
      environment = env;


     
···

       
812

       
 

       
    ];


     

       
813

       
 

       



     

       
814

       
 

       
    users.groups.${cfg.group}.members = lib.optional cfg.configureNginx config.services.nginx.user;


     

       
815

       
+

       
  }


     

       
816

       
+

       
  { systemd.services = sidekiqUnits; }


     

       
817

       
+

       
  ]);


     

       
818

       
 

       



     

       
819

       
 

       
  meta.maintainers = with lib.maintainers; [ happy-river erictapen ];


     

       
820
+1 -1
nixos/tests/web-apps/mastodon/script.nix 
···

       
9

       
 

       
  ${extraInit}


     

       
10

       
 

       



     

       
11

       
 

       
  server.wait_for_unit("redis-mastodon.service")


     

       
12

       
-

       
  server.wait_for_unit("mastodon-sidekiq.service")


     

       
13

       
 

       
  server.wait_for_unit("mastodon-streaming.service")


     

       
14

       
 

       
  server.wait_for_unit("mastodon-web.service")


     

       
15

       
 

       
  server.wait_for_open_port(55000)


     
···

       
9

       
 

       
  ${extraInit}


     

       
10

       
 

       



     

       
11

       
 

       
  server.wait_for_unit("redis-mastodon.service")


     

       
12

       
+

       
  server.wait_for_unit("mastodon-sidekiq-all.service")


     

       
13

       
 

       
  server.wait_for_unit("mastodon-streaming.service")


     

       
14

       
 

       
  server.wait_for_unit("mastodon-web.service")


     

       
15

       
 

       
  server.wait_for_open_port(55000)