nix-packages/packages/bookwyrm/nixos-module.nix

{ pkgs  , ... } :

with pkgs ;
with pkgs . kernelmaft ;

{
	systemd = {
		units = {
			"bookwyrm.service" = {
				text = ''
					[Unit]

					After=network.target

					[Service]

					# 'initdb' fails harmlessly if it has been run on the database before
					ExecStartPre=${coreutils-full}/bin/ln -sf ${bookwyrm}/var/lib/bookwyrm/VERSION /var/lib/bookwyrm/
					ExecStartPre=${coreutils-full}/bin/mkdir -p /var/lib/bookwyrm/images
					ExecStartPre=${bookwyrm}/bin/bookwyrm-env ${python311}/bin/python ${bookwyrm}/lib/python3.11/manage.py migrate
					ExecStartPre=-${bookwyrm}/bin/bookwyrm-env ${python311}/bin/python ${bookwyrm}/lib/python3.11/manage.py initdb
					ExecStart=${bookwyrm}/bin/bookwyrm-env ${bookwyrm}/bin/bookwyrm

					WorkingDirectory=/var/lib/bookwyrm

					# Creates /var/lib/bookwyrm directory
					StateDirectory=bookwyrm

					# Creates /run/bookwyrm directory
					RuntimeDirectory=bookwyrm

					User=bookwyrm
					Group=bookwyrm

					ProtectSystem=strict
					ProtectHome=tmpfs
					PrivateTmp=true
					PrivateDevices=true
					PrivateIPC=true
					ProtectHostname=true
					ProtectClock=true
					ProtectKernelTunables=true
					ProtectKernelModules=true
					ProtectControlGroups=true
					RestrictNamespaces=true
					LockPersonality=true
					RestrictRealtime=true
					RestrictSUIDSGID=true
				'' ;
			} ;
		} ;
	} ;

	users = {
		groups = {
			bookwyrm = {} ;
		} ;
		users = {
			bookwyrm = {
				group = "bookwyrm" ;
				home = "/var/lib/bookwyrm" ;
				isSystemUser = true ;
			} ;
		} ;
	} ;

	services = {
		postgresql = {
			ensureUsers = [
				{
					name = "bookwyrm" ;
					ensureDBOwnership = true ;
				}
			] ;
			ensureDatabases = [ "bookwyrm" ] ;
		} ;

		redis = {
			servers = {
				bookwyrm-activity = {
					enable = true ;
					user = "bookwyrm" ;
					group = "bookwyrm" ;
				} ;
				bookwyrm-broker = {
					enable = true ;
					user = "bookwyrm" ;
					group = "bookwyrm" ;
				} ;
			} ;
		} ;
	} ;
}
Fix argument sets in NixOS modules 2025-03-04 13:21:29 +01:00			`{ pkgs , ... } :`
Restructure packages into subdirectories 2025-03-04 13:13:22 +01:00
Fix coreutils-full package reference 2025-03-04 16:02:02 +01:00			`with pkgs ;`
Restructure packages into subdirectories 2025-03-04 13:13:22 +01:00			`with pkgs . kernelmaft ;`

			`{`
			`systemd = {`
			`units = {`
			`"bookwyrm.service" = {`
			`text = ''`
			`[Unit]`
Fix comment in Bookworm systemd unit 2025-03-04 16:09:58 +01:00
Restructure packages into subdirectories 2025-03-04 13:13:22 +01:00			`After=network.target`

			`[Service]`
Fix comment in Bookworm systemd unit 2025-03-04 16:09:58 +01:00
Allow 'initdb' to fail in Bookwyrm systemd unit 2025-03-09 17:24:09 +01:00			`# 'initdb' fails harmlessly if it has been run on the database before`
Fix ExecStartPre failing after first run in Bookwyrm systemd unit 2025-03-04 16:14:51 +01:00			`ExecStartPre=${coreutils-full}/bin/ln -sf ${bookwyrm}/var/lib/bookwyrm/VERSION /var/lib/bookwyrm/`
Specify path for 'mkdir' in Bookwyrm systemd unit 2025-03-13 15:24:20 +01:00			`ExecStartPre=${coreutils-full}/bin/mkdir -p /var/lib/bookwyrm/images`
Add manage.py migrate as ExecStartPre in Bookwyrm systemd unit 2025-03-09 14:48:32 +01:00			`ExecStartPre=${bookwyrm}/bin/bookwyrm-env ${python311}/bin/python ${bookwyrm}/lib/python3.11/manage.py migrate`
Allow 'initdb' to fail in Bookwyrm systemd unit 2025-03-09 17:24:09 +01:00			`ExecStartPre=-${bookwyrm}/bin/bookwyrm-env ${python311}/bin/python ${bookwyrm}/lib/python3.11/manage.py initdb`
Introduce bookwyrm-env in Bookwyrm 2025-03-09 12:55:12 +01:00			`ExecStart=${bookwyrm}/bin/bookwyrm-env ${bookwyrm}/bin/bookwyrm`
Fix comment in Bookworm systemd unit 2025-03-04 16:09:58 +01:00
Fix WorkingDirectory in Bookwyrm systemd unit 2025-03-04 15:16:13 +01:00			`WorkingDirectory=/var/lib/bookwyrm`
Fix comment in Bookworm systemd unit 2025-03-04 16:09:58 +01:00
			`# Creates /var/lib/bookwyrm directory`
			`StateDirectory=bookwyrm`
Run Bookwyrm service under dedicated user 2025-03-04 17:00:35 +01:00
Use RuntimeDirectory option in Bookwyrm unit to create dir for socket 2025-03-07 13:19:18 +01:00			`# Creates /run/bookwyrm directory`
			`RuntimeDirectory=bookwyrm`

Run Bookwyrm service under dedicated user 2025-03-04 17:00:35 +01:00			`User=bookwyrm`
			`Group=bookwyrm`
Enable simple sandboxing in Bookwyrm systemd unit 2025-03-04 18:09:13 +01:00
Revert 45451836bd, made Bookwyrm unit compatible with systemd 256 2025-03-04 18:30:27 +01:00			`ProtectSystem=strict`
			`ProtectHome=tmpfs`
			`PrivateTmp=true`
Enable simple sandboxing in Bookwyrm systemd unit 2025-03-04 18:09:13 +01:00			`PrivateDevices=true`
			`PrivateIPC=true`
			`ProtectHostname=true`
			`ProtectClock=true`
			`ProtectKernelTunables=true`
			`ProtectKernelModules=true`
Revert 45451836bd, made Bookwyrm unit compatible with systemd 256 2025-03-04 18:30:27 +01:00			`ProtectControlGroups=true`
Enable simple sandboxing in Bookwyrm systemd unit 2025-03-04 18:09:13 +01:00			`RestrictNamespaces=true`
			`LockPersonality=true`
			`RestrictRealtime=true`
			`RestrictSUIDSGID=true`
Restructure packages into subdirectories 2025-03-04 13:13:22 +01:00			`'' ;`
			`} ;`
			`} ;`
			`} ;`
Add system user for Bookwyrm service 2025-03-04 17:23:07 +01:00
			`users = {`
			`groups = {`
			`bookwyrm = {} ;`
			`} ;`
			`users = {`
			`bookwyrm = {`
			`group = "bookwyrm" ;`
			`home = "/var/lib/bookwyrm" ;`
			`isSystemUser = true ;`
			`} ;`
			`} ;`
			`} ;`
Enable PostgreSQL in Bookwyrm NixOS module 2025-03-08 16:14:09 +01:00
			`services = {`
Temporarily disable postgresql config in Bookwyrm NixOS module 2025-03-11 13:44:32 +01:00			`postgresql = {`
Enable PostgreSQL in Bookwyrm NixOS module 2025-03-08 16:14:09 +01:00			`ensureUsers = [`
Make bookwyrm user owner of database in Bookwyrm NixOS module 2025-03-08 16:29:55 +01:00			`{`
			`name = "bookwyrm" ;`
			`ensureDBOwnership = true ;`
			`}`
Enable PostgreSQL in Bookwyrm NixOS module 2025-03-08 16:14:09 +01:00			`] ;`
			`ensureDatabases = [ "bookwyrm" ] ;`
			`} ;`
Don't enable PostgreSQL and add Redis server in Bookwyrm NixOS module 2025-03-13 13:38:46 +01:00
			`redis = {`
			`servers = {`
Add separate Redis servers for activity and broker in Bookwyrm module 2025-03-13 13:50:32 +01:00			`bookwyrm-activity = {`
			`enable = true ;`
Run Redis servers under 'bookwyrm' user in Bookwyrm NixOS module 2025-03-13 14:44:08 +01:00			`user = "bookwyrm" ;`
			`group = "bookwyrm" ;`
Add separate Redis servers for activity and broker in Bookwyrm module 2025-03-13 13:50:32 +01:00			`} ;`
			`bookwyrm-broker = {`
Don't enable PostgreSQL and add Redis server in Bookwyrm NixOS module 2025-03-13 13:38:46 +01:00			`enable = true ;`
Run Redis servers under 'bookwyrm' user in Bookwyrm NixOS module 2025-03-13 14:44:08 +01:00			`user = "bookwyrm" ;`
			`group = "bookwyrm" ;`
Don't enable PostgreSQL and add Redis server in Bookwyrm NixOS module 2025-03-13 13:38:46 +01:00			`} ;`
			`} ;`
			`} ;`
Enable PostgreSQL in Bookwyrm NixOS module 2025-03-08 16:14:09 +01:00			`} ;`
Restructure packages into subdirectories 2025-03-04 13:13:22 +01:00			`}`