Merge remote-tracking branch 'origin/staging-next' into staging
This commit is contained in:
commit
5985f13b69
@ -66,9 +66,11 @@ while read -r new_commit_sha ; do
|
||||
git rev-list --max-count=1 --format=medium "$new_commit_sha"
|
||||
echo "-------------------------------------------------"
|
||||
|
||||
# Using the last line with "cherry" + hash, because a chained backport
|
||||
# can result in multiple of those lines. Only the last one counts.
|
||||
original_commit_sha=$(
|
||||
git rev-list --max-count=1 --format=format:%B "$new_commit_sha" \
|
||||
| grep -Ei -m1 "cherry.*[0-9a-f]{40}" \
|
||||
| grep -Ei "cherry.*[0-9a-f]{40}" | tail -n1 \
|
||||
| grep -Eoi -m1 '[0-9a-f]{40}' || true
|
||||
)
|
||||
if [ -z "$original_commit_sha" ] ; then
|
||||
|
@ -259,13 +259,13 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"network.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
# note that if you are connecting to a postgres instance on a different host
|
||||
# postgresql.service should not be included in the requires.
|
||||
# postgresql.target should not be included in the requires.
|
||||
requires = [
|
||||
"network-online.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
description = "my app";
|
||||
environment = {
|
||||
|
@ -8160,6 +8160,16 @@
|
||||
githubId = 26925347;
|
||||
keys = [ { fingerprint = "0797 D238 9769 CA1E 57B7 2ED9 2BA7 8116 87C9 0DE4"; } ];
|
||||
};
|
||||
felipe-9 = {
|
||||
name = "Felipe Pinto";
|
||||
email = "felipealexandrepinto@icloud.com";
|
||||
github = "Felipe-9";
|
||||
githubId = 32753781;
|
||||
keys = [
|
||||
{ fingerprint = "1533 0D57 3312 0936 AB38 3C9B 7D36 1E4B 83CD AEFB"; }
|
||||
{ fingerprint = "2BD0 AD01 F91D A0DC 47DF 0AEE 7AA1 649F 6B71 42F2"; }
|
||||
];
|
||||
};
|
||||
felipeqq2 = {
|
||||
name = "Felipe Silva";
|
||||
email = "nixpkgs@felipeqq2.rocks";
|
||||
|
@ -1316,22 +1316,14 @@
|
||||
"module-services-postgres-initializing-extra-permissions": [
|
||||
"index.html#module-services-postgres-initializing-extra-permissions"
|
||||
],
|
||||
"module-services-postgres-initializing-extra-permissions-superuser": [
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-superuser"
|
||||
],
|
||||
"module-services-postgres-initializing-extra-permissions-superuser-post-start": [
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-superuser-post-start"
|
||||
],
|
||||
"module-services-postgres-initializing-extra-permissions-superuser-oneshot": [
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-superuser-oneshot"
|
||||
],
|
||||
"module-services-postgres-initializing-extra-permissions-service-user": [
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-superuser-post-start",
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-superuser",
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-service-user-pre-start",
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-service-user"
|
||||
],
|
||||
"module-services-postgres-initializing-extra-permissions-service-user-pre-start": [
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-service-user-pre-start"
|
||||
],
|
||||
"module-services-postgres-initializing-extra-permissions-service-user-oneshot": [
|
||||
"module-services-postgres-initializing-extra-permissions-superuser-oneshot": [
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-superuser-oneshot",
|
||||
"index.html#module-services-postgres-initializing-extra-permissions-service-user-oneshot"
|
||||
],
|
||||
"module-services-postgres-authentication": [
|
||||
|
@ -66,8 +66,12 @@
|
||||
|
||||
- The `yeahwm` package and `services.xserver.windowManager.yeahwm` module were removed due to the package being broken and unmaintained upstream.
|
||||
|
||||
- The `services.postgresql` module now sets up a systemd unit `postgresql.target`. Depending on `postgresql.target` guarantees that postgres is in read-write mode and initial/ensure scripts were executed. Depending on `postgresql.service` only guarantees a read-only connection.
|
||||
|
||||
- The `services.siproxd` module has been removed as `siproxd` is unmaintained and broken with libosip 5.x.
|
||||
|
||||
- `netbox-manage` script created by the `netbox` module no longer uses `sudo -u netbox` internally. It can be run as root and will change it's user to `netbox` using `runuser`
|
||||
|
||||
- `services.dwm-status.extraConfig` was replaced by [RFC0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md)-compliant [](#opt-services.dwm-status.settings), which is used to generate the config file. `services.dwm-status.order` is now moved to [](#opt-services.dwm-status.settings.order), as it's a part of the config file.
|
||||
|
||||
- `gitversion` was updated to 6.3.0, which includes a number of breaking changes, old configurations may need updating or they will cause the tool to fail to run.
|
||||
|
@ -182,7 +182,7 @@ in
|
||||
requires = [ "network.target" ];
|
||||
# we're adding this optionally so just in case there's any race it'll be caught
|
||||
# in case postgres doesn't start, pgadmin will just start normally
|
||||
wants = [ "postgresql.service" ];
|
||||
wants = [ "postgresql.target" ];
|
||||
|
||||
path = [
|
||||
config.services.postgresql.package
|
||||
|
@ -720,7 +720,7 @@ in
|
||||
systemd.services.bacula-dir = mkIf dir_cfg.enable {
|
||||
after = [
|
||||
"network.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
description = "Bacula Director Daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -35,7 +35,7 @@ let
|
||||
|
||||
description = "Backup of ${db} database(s)";
|
||||
|
||||
requires = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
|
||||
path = [
|
||||
pkgs.coreutils
|
||||
|
@ -334,8 +334,8 @@ in
|
||||
|
||||
systemd.services.hydra-init = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = lib.optional haveLocalDB "postgresql.service";
|
||||
after = lib.optional haveLocalDB "postgresql.service";
|
||||
requires = lib.optional haveLocalDB "postgresql.target";
|
||||
after = lib.optional haveLocalDB "postgresql.target";
|
||||
environment = env // {
|
||||
HYDRA_DBI = "${env.HYDRA_DBI};application_name=hydra-init";
|
||||
};
|
||||
|
@ -185,8 +185,8 @@ in
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.pgmanage = {
|
||||
description = "pgmanage - PostgreSQL Administration for the web";
|
||||
wants = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
wants = [ "postgresql.target" ];
|
||||
after = [ "postgresql.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = pgmanage;
|
||||
|
@ -156,7 +156,7 @@ in
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"network-online.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
|
||||
environment =
|
||||
|
@ -89,29 +89,29 @@ database migrations.
|
||||
|
||||
**NOTE:** please make sure that any added migrations are idempotent (re-runnable).
|
||||
|
||||
#### as superuser {#module-services-postgres-initializing-extra-permissions-superuser}
|
||||
#### in database's setup `postStart` {#module-services-postgres-initializing-extra-permissions-superuser-post-start}
|
||||
|
||||
**Advantage:** compatible with postgres < 15, because it's run
|
||||
as the database superuser `postgres`.
|
||||
|
||||
##### in database `postStart` {#module-services-postgres-initializing-extra-permissions-superuser-post-start}
|
||||
|
||||
**Disadvantage:** need to take care of ordering yourself. In this
|
||||
example, `mkAfter` ensures that permissions are assigned after any
|
||||
databases from `ensureDatabases` and `extraUser1` from `ensureUsers`
|
||||
are already created.
|
||||
`ensureUsers` is run in `postgresql-setup`, so this is where `postStart` must be added to:
|
||||
|
||||
```nix
|
||||
{
|
||||
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||
$PSQL service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
$PSQL service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
systemd.services.postgresql-setup.postStart = ''
|
||||
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
##### in intermediate oneshot service {#module-services-postgres-initializing-extra-permissions-superuser-oneshot}
|
||||
#### in intermediate oneshot service {#module-services-postgres-initializing-extra-permissions-superuser-oneshot}
|
||||
|
||||
Make sure to run this service after `postgresql.target`, not `postgresql.service`.
|
||||
|
||||
They differ in two aspects:
|
||||
- `postgresql.target` includes `postgresql-setup`, so users managed via `ensureUsers` are already created.
|
||||
- `postgresql.target` will wait until PostgreSQL is in read-write mode after restoring from backup, while `postgresql.service` will already be ready when PostgreSQL is still recovering in read-only mode.
|
||||
|
||||
Both can lead to unexpected errors either during initial database creation or restore, when using `postgresql.service`.
|
||||
|
||||
```nix
|
||||
{
|
||||
@ -119,54 +119,13 @@ are already created.
|
||||
serviceConfig.Type = "oneshot";
|
||||
requiredBy = "service1.service";
|
||||
before = "service1.service";
|
||||
after = "postgresql.service";
|
||||
after = "postgresql.target";
|
||||
serviceConfig.User = "postgres";
|
||||
environment.PSQL = "psql --port=${toString services.postgresql.settings.port}";
|
||||
environment.PGPORT = toString services.postgresql.settings.port;
|
||||
path = [ postgresql ];
|
||||
script = ''
|
||||
$PSQL service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
$PSQL service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
#### as service user {#module-services-postgres-initializing-extra-permissions-service-user}
|
||||
|
||||
**Advantage:** re-uses systemd's dependency ordering;
|
||||
|
||||
**Disadvantage:** relies on service user having grant permission. To be combined with `ensureDBOwnership`.
|
||||
|
||||
##### in service `preStart` {#module-services-postgres-initializing-extra-permissions-service-user-pre-start}
|
||||
|
||||
```nix
|
||||
{
|
||||
environment.PSQL = "psql --port=${toString services.postgresql.settings.port}";
|
||||
path = [ postgresql ];
|
||||
systemd.services."service1".preStart = ''
|
||||
$PSQL -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
$PSQL -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
}
|
||||
```
|
||||
|
||||
##### in intermediate oneshot service {#module-services-postgres-initializing-extra-permissions-service-user-oneshot}
|
||||
|
||||
```nix
|
||||
{
|
||||
systemd.services."migrate-service1-db1" = {
|
||||
serviceConfig.Type = "oneshot";
|
||||
requiredBy = "service1.service";
|
||||
before = "service1.service";
|
||||
after = "postgresql.service";
|
||||
serviceConfig.User = "service1";
|
||||
environment.PSQL = "psql --port=${toString services.postgresql.settings.port}";
|
||||
path = [ postgresql ];
|
||||
script = ''
|
||||
$PSQL -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
$PSQL -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
psql service1 -c 'GRANT SELECT ON ALL TABLES IN SCHEMA public TO "extraUser1"'
|
||||
psql service1 -c 'GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO "extraUser1"'
|
||||
# ....
|
||||
'';
|
||||
};
|
||||
|
@ -751,12 +751,23 @@ in
|
||||
cfg.checkConfig && pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform
|
||||
) configFileCheck;
|
||||
|
||||
systemd.targets.postgresql = {
|
||||
description = "PostgreSQL";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
bindsTo = [
|
||||
"postgresql.service"
|
||||
"postgresql-setup.service"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.postgresql = {
|
||||
description = "PostgreSQL Server";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
# To trigger the .target also on "systemctl start postgresql".
|
||||
bindsTo = [ "postgresql.target" ];
|
||||
|
||||
environment.PGDATA = cfg.dataDir;
|
||||
|
||||
path = [ cfg.finalPackage ];
|
||||
@ -776,49 +787,6 @@ in
|
||||
ln -sfn "${configFile}/postgresql.conf" "${cfg.dataDir}/postgresql.conf"
|
||||
'';
|
||||
|
||||
# Wait for PostgreSQL to be ready to accept connections.
|
||||
postStart =
|
||||
''
|
||||
PSQL="psql --port=${builtins.toString cfg.settings.port}"
|
||||
|
||||
while ! $PSQL -d postgres -c "" 2> /dev/null; do
|
||||
if ! kill -0 "$MAINPID"; then exit 1; fi
|
||||
sleep 0.1
|
||||
done
|
||||
|
||||
if test -e "${cfg.dataDir}/.first_startup"; then
|
||||
${optionalString (cfg.initialScript != null) ''
|
||||
$PSQL -f "${cfg.initialScript}" -d postgres
|
||||
''}
|
||||
rm -f "${cfg.dataDir}/.first_startup"
|
||||
fi
|
||||
''
|
||||
+ optionalString (cfg.ensureDatabases != [ ]) ''
|
||||
${concatMapStrings (database: ''
|
||||
$PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"'
|
||||
'') cfg.ensureDatabases}
|
||||
''
|
||||
+ ''
|
||||
${concatMapStrings (
|
||||
user:
|
||||
let
|
||||
dbOwnershipStmt = optionalString user.ensureDBOwnership ''$PSQL -tAc 'ALTER DATABASE "${user.name}" OWNER TO "${user.name}";' '';
|
||||
|
||||
filteredClauses = filterAttrs (name: value: value != null) user.ensureClauses;
|
||||
|
||||
clauseSqlStatements = attrValues (mapAttrs (n: v: if v then n else "no${n}") filteredClauses);
|
||||
|
||||
userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' '';
|
||||
in
|
||||
''
|
||||
$PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"'
|
||||
${userClauses}
|
||||
|
||||
${dbOwnershipStmt}
|
||||
''
|
||||
) cfg.ensureUsers}
|
||||
'';
|
||||
|
||||
serviceConfig = mkMerge [
|
||||
{
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
@ -891,11 +859,74 @@ in
|
||||
|
||||
unitConfig.RequiresMountsFor = "${cfg.dataDir}";
|
||||
};
|
||||
|
||||
systemd.services.postgresql-setup = {
|
||||
description = "PostgreSQL Setup Scripts";
|
||||
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = "postgres";
|
||||
Group = "postgres";
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
|
||||
path = [ cfg.finalPackage ];
|
||||
environment.PGPORT = builtins.toString cfg.settings.port;
|
||||
|
||||
# Wait for PostgreSQL to be ready to accept connections.
|
||||
script =
|
||||
''
|
||||
check-connection() {
|
||||
psql -d postgres -v ON_ERROR_STOP=1 <<-' EOF'
|
||||
SELECT pg_is_in_recovery() \gset
|
||||
\if :pg_is_in_recovery
|
||||
\i still-recovering
|
||||
\endif
|
||||
EOF
|
||||
}
|
||||
while ! check-connection 2> /dev/null; do
|
||||
if ! systemctl is-active --quiet postgresql.service; then exit 1; fi
|
||||
sleep 0.1
|
||||
done
|
||||
|
||||
if test -e "${cfg.dataDir}/.first_startup"; then
|
||||
${optionalString (cfg.initialScript != null) ''
|
||||
psql -f "${cfg.initialScript}" -d postgres
|
||||
''}
|
||||
rm -f "${cfg.dataDir}/.first_startup"
|
||||
fi
|
||||
''
|
||||
+ optionalString (cfg.ensureDatabases != [ ]) ''
|
||||
${concatMapStrings (database: ''
|
||||
psql -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || psql -tAc 'CREATE DATABASE "${database}"'
|
||||
'') cfg.ensureDatabases}
|
||||
''
|
||||
+ ''
|
||||
${concatMapStrings (
|
||||
user:
|
||||
let
|
||||
dbOwnershipStmt = optionalString user.ensureDBOwnership ''psql -tAc 'ALTER DATABASE "${user.name}" OWNER TO "${user.name}";' '';
|
||||
|
||||
filteredClauses = filterAttrs (name: value: value != null) user.ensureClauses;
|
||||
|
||||
clauseSqlStatements = attrValues (mapAttrs (n: v: if v then n else "no${n}") filteredClauses);
|
||||
|
||||
userClauses = ''psql -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' '';
|
||||
in
|
||||
''
|
||||
psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || psql -tAc 'CREATE USER "${user.name}"'
|
||||
${userClauses}
|
||||
|
||||
${dbOwnershipStmt}
|
||||
''
|
||||
) cfg.ensureUsers}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
meta.doc = ./postgresql.md;
|
||||
meta.maintainers = with lib.maintainers; [
|
||||
thoughtpolice
|
||||
danbst
|
||||
];
|
||||
meta.maintainers = pkgs.postgresql.meta.maintainers;
|
||||
}
|
||||
|
@ -256,7 +256,7 @@ in
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"network-online.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -275,13 +275,13 @@ in
|
||||
"systemd-tmpfiles-setup.service"
|
||||
]
|
||||
++ lib.optionals (cfg.database.createLocally) [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
]
|
||||
++ lib.optionals cfg.redis.createLocally [
|
||||
"redis-${cfg.redis.name}.service"
|
||||
];
|
||||
requires = lib.optionals (cfg.database.createLocally) [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
description = "Zammad web";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -123,8 +123,8 @@ libeufinComponent:
|
||||
echo "Bank initialisation complete"
|
||||
fi
|
||||
'';
|
||||
requires = lib.optionals cfg.createLocalDatabase [ "postgresql.service" ];
|
||||
after = [ "network.target" ] ++ lib.optionals cfg.createLocalDatabase [ "postgresql.service" ];
|
||||
requires = lib.optionals cfg.createLocalDatabase [ "postgresql.target" ];
|
||||
after = [ "network.target" ] ++ lib.optionals cfg.createLocalDatabase [ "postgresql.target" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -119,13 +119,13 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"network.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
|
||||
# pg_dump
|
||||
path = [ config.services.postgresql.package ];
|
||||
|
||||
requires = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/odoo";
|
||||
|
@ -89,8 +89,8 @@ in
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
};
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
after = [ "postgresql.target" ];
|
||||
};
|
||||
}
|
||||
];
|
||||
|
@ -623,7 +623,7 @@ in
|
||||
|
||||
# prevent races with database creation
|
||||
"mysql.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
reloadTriggers =
|
||||
optionals (cfg.config != null) [ configFile ]
|
||||
|
@ -107,7 +107,7 @@ in
|
||||
systemd.services.dspam = {
|
||||
description = "dspam spam filtering daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
restartTriggers = [ cfgfile ];
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -193,7 +193,7 @@ in
|
||||
|
||||
systemd.services.listmonk = {
|
||||
description = "Listmonk - newsletter and mailing list manager";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
|
@ -575,9 +575,9 @@ in
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ lib.optional cfg.enablePostfix "postfix-setup.service"
|
||||
++ lib.optional withPostgresql "postgresql.service";
|
||||
++ lib.optional withPostgresql "postgresql.target";
|
||||
restartTriggers = [ mailmanCfgFile ];
|
||||
requires = lib.optional withPostgresql "postgresql.service";
|
||||
requires = lib.optional withPostgresql "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${mailmanEnv}/bin/mailman start";
|
||||
@ -609,8 +609,8 @@ in
|
||||
"hyperkitty.service"
|
||||
];
|
||||
path = with pkgs; [ jq ];
|
||||
after = lib.optional withPostgresql "postgresql.service";
|
||||
requires = lib.optional withPostgresql "postgresql.service";
|
||||
after = lib.optional withPostgresql "postgresql.target";
|
||||
requires = lib.optional withPostgresql "postgresql.target";
|
||||
serviceConfig.RemainAfterExit = true;
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
@ -709,11 +709,11 @@ in
|
||||
in
|
||||
{
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = lib.optional withPostgresql "postgresql.service";
|
||||
after = lib.optional withPostgresql "postgresql.target";
|
||||
requires = [
|
||||
"mailman-uwsgi.socket"
|
||||
"mailman-web-setup.service"
|
||||
] ++ lib.optional withPostgresql "postgresql.service";
|
||||
] ++ lib.optional withPostgresql "postgresql.target";
|
||||
restartTriggers = [ config.environment.etc."mailman3/settings.py".source ];
|
||||
serviceConfig = {
|
||||
# Since the mailman-web settings.py obstinately creates a logs
|
||||
|
@ -148,8 +148,8 @@ in
|
||||
# objects owners and extensions; for now we tack on what's needed
|
||||
# here.
|
||||
systemd.services.postfixadmin-postgres = lib.mkIf localDB {
|
||||
after = [ "postgresql.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
bindsTo = [ "postgresql.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [
|
||||
pgsql.package
|
||||
|
@ -273,8 +273,8 @@ in
|
||||
|
||||
systemd.services.roundcube-setup = lib.mkMerge [
|
||||
(lib.mkIf localDB {
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
after = [ "postgresql.target" ];
|
||||
})
|
||||
{
|
||||
wants = [ "network-online.target" ];
|
||||
|
@ -196,7 +196,7 @@ in
|
||||
description = "Matrix-IRC bridge";
|
||||
before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse
|
||||
after = lib.optionals (cfg.settings.database.engine == "postgres") [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
@ -440,7 +440,7 @@ in
|
||||
|
||||
systemd.services.maubot = rec {
|
||||
description = "maubot - a plugin-based Matrix bot system written in Python";
|
||||
after = [ "network.target" ] ++ wants ++ lib.optional hasLocalPostgresDB "postgresql.service";
|
||||
after = [ "network.target" ] ++ wants ++ lib.optional hasLocalPostgresDB "postgresql.target";
|
||||
# all plugins get automatically disabled if maubot starts before synapse
|
||||
wants = lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -119,7 +119,7 @@ in
|
||||
systemd.services.synapse-auto-compressor = {
|
||||
description = "synapse-auto-compressor";
|
||||
requires = lib.optionals synapseUsesLocalPostgresql [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
inherit (cfg) startAt;
|
||||
serviceConfig = {
|
||||
|
@ -1439,7 +1439,7 @@ in
|
||||
systemd.targets.matrix-synapse = lib.mkIf hasWorkers {
|
||||
description = "Synapse Matrix parent target";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
|
||||
after = [ "network-online.target" ] ++ optional hasLocalPostgresDB "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
@ -1451,13 +1451,13 @@ in
|
||||
partOf = [ "matrix-synapse.target" ];
|
||||
wantedBy = [ "matrix-synapse.target" ];
|
||||
unitConfig.ReloadPropagatedFrom = "matrix-synapse.target";
|
||||
requires = optional hasLocalPostgresDB "postgresql.service";
|
||||
requires = optional hasLocalPostgresDB "postgresql.target";
|
||||
}
|
||||
else
|
||||
{
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ] ++ optional hasLocalPostgresDB "postgresql.service";
|
||||
requires = optional hasLocalPostgresDB "postgresql.service";
|
||||
after = [ "network-online.target" ] ++ optional hasLocalPostgresDB "postgresql.target";
|
||||
requires = optional hasLocalPostgresDB "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
baseServiceConfig = {
|
||||
|
@ -92,13 +92,13 @@ in
|
||||
|
||||
systemd.services.atuin = {
|
||||
description = "atuin server";
|
||||
requires = lib.optionals cfg.database.createLocally [ "postgresql.service" ];
|
||||
requires = lib.optionals cfg.database.createLocally [ "postgresql.target" ];
|
||||
after = [
|
||||
"network-online.target"
|
||||
] ++ lib.optionals cfg.database.createLocally [ "postgresql.service" ];
|
||||
] ++ lib.optionals cfg.database.createLocally [ "postgresql.target" ];
|
||||
wants = [
|
||||
"network-online.target"
|
||||
] ++ lib.optionals cfg.database.createLocally [ "postgresql.service" ];
|
||||
] ++ lib.optionals cfg.database.createLocally [ "postgresql.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -77,7 +77,7 @@ in
|
||||
[ "dbus.service" ]
|
||||
++ lib.optional config.services.httpd.enable "httpd.service"
|
||||
++ lib.optional config.services.mysql.enable "mysql.service"
|
||||
++ lib.optional config.services.postgresql.enable "postgresql.service"
|
||||
++ lib.optional config.services.postgresql.enable "postgresql.target"
|
||||
++ lib.optional config.services.tomcat.enable "tomcat.service"
|
||||
++ lib.optional config.services.svnserve.enable "svnserve.service"
|
||||
++ lib.optional config.services.mongodb.enable "mongodb.service"
|
||||
|
@ -663,7 +663,7 @@ in
|
||||
"network.target"
|
||||
]
|
||||
++ optionals usePostgresql [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
]
|
||||
++ optionals useMysql [
|
||||
"mysql.service"
|
||||
@ -673,7 +673,7 @@ in
|
||||
];
|
||||
requires =
|
||||
optionals (cfg.database.createDatabase && usePostgresql) [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
]
|
||||
++ optionals (cfg.database.createDatabase && useMysql) [
|
||||
"mysql.service"
|
||||
|
@ -238,7 +238,7 @@ in
|
||||
|
||||
wants =
|
||||
with cfg.backend;
|
||||
[ ] ++ lib.optionals (service == "sql" && sql.driver == "native_pgsql") [ "postgresql.service" ];
|
||||
[ ] ++ lib.optionals (service == "sql" && sql.driver == "native_pgsql") [ "postgresql.target" ];
|
||||
|
||||
preStart =
|
||||
with cfg.backend;
|
||||
|
@ -758,10 +758,10 @@ in
|
||||
description = "gitea";
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ optional usePostgresql "postgresql.service"
|
||||
++ optional usePostgresql "postgresql.target"
|
||||
++ optional useMysql "mysql.service";
|
||||
requires =
|
||||
optional (cfg.database.createDatabase && usePostgresql) "postgresql.service"
|
||||
optional (cfg.database.createDatabase && usePostgresql) "postgresql.target"
|
||||
++ optional (cfg.database.createDatabase && useMysql) "mysql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [
|
||||
|
@ -1295,8 +1295,8 @@ in
|
||||
pgsql = config.services.postgresql;
|
||||
in
|
||||
mkIf databaseActuallyCreateLocally {
|
||||
after = [ "postgresql.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
bindsTo = [ "postgresql.target" ];
|
||||
wantedBy = [ "gitlab.target" ];
|
||||
partOf = [ "gitlab.target" ];
|
||||
path = [
|
||||
@ -1561,12 +1561,12 @@ in
|
||||
systemd.services.gitlab-db-config = {
|
||||
after = [
|
||||
"gitlab-config.service"
|
||||
"gitlab-postgresql.service"
|
||||
"postgresql.service"
|
||||
"gitlab-postgresql.target"
|
||||
"postgresql.target"
|
||||
];
|
||||
wants =
|
||||
optional (cfg.databaseHost == "") "postgresql.service"
|
||||
++ optional databaseActuallyCreateLocally "gitlab-postgresql.service";
|
||||
optional (cfg.databaseHost == "") "postgresql.target"
|
||||
++ optional databaseActuallyCreateLocally "gitlab-postgresql.target";
|
||||
bindsTo = [ "gitlab-config.service" ];
|
||||
wantedBy = [ "gitlab.target" ];
|
||||
partOf = [ "gitlab.target" ];
|
||||
@ -1596,7 +1596,7 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"redis-gitlab.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"gitlab-config.service"
|
||||
"gitlab-db-config.service"
|
||||
];
|
||||
@ -1604,7 +1604,7 @@ in
|
||||
"gitlab-config.service"
|
||||
"gitlab-db-config.service"
|
||||
];
|
||||
wants = [ "redis-gitlab.service" ] ++ optional (cfg.databaseHost == "") "postgresql.service";
|
||||
wants = [ "redis-gitlab.service" ] ++ optional (cfg.databaseHost == "") "postgresql.target";
|
||||
wantedBy = [ "gitlab.target" ];
|
||||
partOf = [ "gitlab.target" ];
|
||||
environment =
|
||||
@ -1847,7 +1847,7 @@ in
|
||||
"gitlab-config.service"
|
||||
"gitlab-db-config.service"
|
||||
];
|
||||
wants = [ "redis-gitlab.service" ] ++ optional (cfg.databaseHost == "") "postgresql.service";
|
||||
wants = [ "redis-gitlab.service" ] ++ optional (cfg.databaseHost == "") "postgresql.target";
|
||||
requiredBy = [ "gitlab.target" ];
|
||||
partOf = [ "gitlab.target" ];
|
||||
environment = gitlabEnv;
|
||||
|
@ -491,18 +491,18 @@ in
|
||||
fi
|
||||
fi
|
||||
'';
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
after =
|
||||
lib.optional enableRedis "redis-paperless.service"
|
||||
++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
};
|
||||
|
||||
systemd.services.paperless-task-queue = {
|
||||
description = "Paperless Celery Workers";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
after = [
|
||||
"paperless-scheduler.service"
|
||||
] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
serviceConfig = defaultServiceConfig // {
|
||||
User = cfg.user;
|
||||
ExecStart = "${cfg.package}/bin/celery --app paperless worker --loglevel INFO";
|
||||
@ -520,10 +520,10 @@ in
|
||||
# Bind to `paperless-scheduler` so that the consumer never runs
|
||||
# during migrations
|
||||
bindsTo = [ "paperless-scheduler.service" ];
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
after = [
|
||||
"paperless-scheduler.service"
|
||||
] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
serviceConfig = defaultServiceConfig // {
|
||||
User = cfg.user;
|
||||
ExecStart = "${cfg.package}/bin/paperless-ngx document_consumer";
|
||||
@ -541,10 +541,10 @@ in
|
||||
# Bind to `paperless-scheduler` so that the web server never runs
|
||||
# during migrations
|
||||
bindsTo = [ "paperless-scheduler.service" ];
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
after = [
|
||||
"paperless-scheduler.service"
|
||||
] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
# Setup PAPERLESS_SECRET_KEY.
|
||||
# If this environment variable is left unset, paperless-ngx defaults
|
||||
# to a well-known value, which is insecure.
|
||||
|
@ -374,7 +374,7 @@ in
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ lib.optional mysqlLocal "mysql.service"
|
||||
++ lib.optional pgsqlLocal "postgresql.service";
|
||||
++ lib.optional pgsqlLocal "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment.RAILS_ENV = "production";
|
||||
environment.RAILS_CACHE = "${cfg.stateDir}/cache";
|
||||
|
@ -52,10 +52,10 @@ let
|
||||
{
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ optional cfg.postgresql.enable "postgresql.service"
|
||||
++ optional cfg.postgresql.enable "postgresql.target"
|
||||
++ optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
|
||||
requires =
|
||||
optional cfg.postgresql.enable "postgresql.service"
|
||||
optional cfg.postgresql.enable "postgresql.target"
|
||||
++ optional cfg.redis.enable "redis-sourcehut-${srvsrht}.service";
|
||||
path = [ pkgs.gawk ];
|
||||
environment.HOME = runDir;
|
||||
@ -482,11 +482,9 @@ in
|
||||
&& lib.strings.versionAtLeast config.services.postgresql.package.version "15.0"
|
||||
)
|
||||
{
|
||||
postgresql.postStart = (
|
||||
lib.mkAfter ''
|
||||
$PSQL -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";'
|
||||
''
|
||||
);
|
||||
postgresql-setup.postStart = ''
|
||||
psql -tAc 'ALTER DATABASE "${srvCfg.postgresql.database}" OWNER TO "${srvCfg.user}";'
|
||||
'';
|
||||
}
|
||||
)
|
||||
];
|
||||
|
@ -2020,7 +2020,7 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after =
|
||||
[ "networking.target" ]
|
||||
++ lib.optional usePostgresql "postgresql.service"
|
||||
++ lib.optional usePostgresql "postgresql.target"
|
||||
++ lib.optional useMysql "mysql.service";
|
||||
script = ''
|
||||
set -o errexit -o pipefail -o nounset -o errtrace
|
||||
|
@ -337,7 +337,7 @@ in
|
||||
description = "Zabbix Proxy";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.target";
|
||||
|
||||
path = [ "/run/wrappers" ] ++ cfg.extraPackages;
|
||||
preStart =
|
||||
|
@ -328,7 +328,7 @@ in
|
||||
description = "Zabbix Server";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.target";
|
||||
|
||||
path = [ "/run/wrappers" ] ++ cfg.extraPackages;
|
||||
preStart =
|
||||
@ -374,7 +374,7 @@ in
|
||||
|
||||
systemd.services.httpd.after =
|
||||
optional (config.services.zabbixWeb.enable && mysqlLocal) "mysql.service"
|
||||
++ optional (config.services.zabbixWeb.enable && pgsqlLocal) "postgresql.service";
|
||||
++ optional (config.services.zabbixWeb.enable && pgsqlLocal) "postgresql.target";
|
||||
|
||||
};
|
||||
|
||||
|
@ -169,8 +169,8 @@ in
|
||||
|
||||
systemd.services.atticd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ] ++ lib.optionals hasLocalPostgresDB [ "postgresql.service" ];
|
||||
requires = lib.optionals hasLocalPostgresDB [ "postgresql.service" ];
|
||||
after = [ "network-online.target" ] ++ lib.optionals hasLocalPostgresDB [ "postgresql.target" ];
|
||||
requires = lib.optionals hasLocalPostgresDB [ "postgresql.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -1105,8 +1105,8 @@ in
|
||||
systemd.services.firezone-initialize = {
|
||||
description = "Backend initialization service for the Firezone zero-trust access platform";
|
||||
|
||||
after = mkIf cfg.enableLocalDB [ "postgresql.service" ];
|
||||
requires = mkIf cfg.enableLocalDB [ "postgresql.service" ];
|
||||
after = mkIf cfg.enableLocalDB [ "postgresql.target" ];
|
||||
requires = mkIf cfg.enableLocalDB [ "postgresql.target" ];
|
||||
wantedBy = [ "firezone.target" ];
|
||||
partOf = [ "firezone.target" ];
|
||||
|
||||
|
@ -122,7 +122,7 @@ in
|
||||
wants = [ "network-online.target" ];
|
||||
after = [
|
||||
"network-online.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
wantedBy = [ "pleroma.service" ];
|
||||
environment.RELEASE_COOKIE = "/var/lib/pleroma/.cookie";
|
||||
|
@ -53,7 +53,7 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"mysql.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"openldap.service"
|
||||
];
|
||||
|
||||
|
@ -120,7 +120,7 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ optional config.services.postgresql.enable "postgresql.service"
|
||||
++ optional config.services.postgresql.enable "postgresql.target"
|
||||
++ optional config.services.mysql.enable "mysql.service";
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -283,7 +283,7 @@ in
|
||||
systemd.services.canaille-install = {
|
||||
# We want this on boot, not on socket activation
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = optional createLocalPostgresqlDb "postgresql.service";
|
||||
after = optional createLocalPostgresqlDb "postgresql.target";
|
||||
serviceConfig = commonServiceConfig // {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${getExe finalPackage} install";
|
||||
@ -296,7 +296,7 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"canaille-install.service"
|
||||
] ++ optional createLocalPostgresqlDb "postgresql.service";
|
||||
] ++ optional createLocalPostgresqlDb "postgresql.target";
|
||||
requires = [
|
||||
"canaille-install.service"
|
||||
"canaille.socket"
|
||||
|
@ -127,8 +127,8 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"network.target"
|
||||
] ++ optional cfg.useLocalPostgresDB "postgresql.service";
|
||||
requires = optional cfg.useLocalPostgresDB "postgresql.service";
|
||||
] ++ optional cfg.useLocalPostgresDB "postgresql.target";
|
||||
requires = optional cfg.useLocalPostgresDB "postgresql.target";
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
DynamicUser = true;
|
||||
|
@ -1231,7 +1231,7 @@ in
|
||||
requiredBy = [ "akkoma.service" ];
|
||||
after = [
|
||||
"akkoma-config.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
before = [ "akkoma.service" ];
|
||||
|
||||
@ -1269,7 +1269,7 @@ in
|
||||
"akkoma-config.target"
|
||||
"network.target"
|
||||
"network-online.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
|
||||
confinement.packages = mkIf isConfined runtimeInputs;
|
||||
|
@ -109,7 +109,7 @@ in
|
||||
description = "The API for Crab Fit.";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
# TODO: harden
|
||||
|
@ -444,11 +444,11 @@ in
|
||||
before = [ "phpfpm-davis.service" ];
|
||||
after =
|
||||
lib.optional mysqlLocal "mysql.service"
|
||||
++ lib.optional pgsqlLocal "postgresql.service"
|
||||
++ lib.optional pgsqlLocal "postgresql.target"
|
||||
++ [ "davis-env-setup.service" ];
|
||||
requires =
|
||||
lib.optional mysqlLocal "mysql.service"
|
||||
++ lib.optional pgsqlLocal "postgresql.service"
|
||||
++ lib.optional pgsqlLocal "postgresql.target"
|
||||
++ [ "davis-env-setup.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = defaultServiceConfig // {
|
||||
@ -483,7 +483,7 @@ in
|
||||
"davis-db-migrate.service"
|
||||
]
|
||||
++ lib.optional mysqlLocal "mysql.service"
|
||||
++ lib.optional pgsqlLocal "postgresql.service";
|
||||
++ lib.optional pgsqlLocal "postgresql.target";
|
||||
systemd.services.phpfpm-davis.serviceConfig.ReadWritePaths = [ cfg.dataDir ];
|
||||
|
||||
services.nginx = lib.mkIf (cfg.nginx != null) {
|
||||
|
@ -535,9 +535,9 @@ in
|
||||
};
|
||||
|
||||
systemd.services.dependency-track-postgresql-init = lib.mkIf cfg.database.createLocally {
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
before = [ "dependency-track.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
bindsTo = [ "postgresql.target" ];
|
||||
path = [ config.services.postgresql.package ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
@ -572,7 +572,7 @@ in
|
||||
if cfg.database.createLocally then
|
||||
[
|
||||
"dependency-track-postgresql-init.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
]
|
||||
else
|
||||
[ ];
|
||||
|
@ -100,7 +100,7 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"networking.target"
|
||||
] ++ (optional (cfg.settings.storage.type == "postgres") "postgresql.service");
|
||||
] ++ (optional (cfg.settings.storage.type == "postgres") "postgresql.target");
|
||||
path = with pkgs; [ replace-secret ];
|
||||
restartTriggers = restartTriggers;
|
||||
serviceConfig =
|
||||
|
@ -705,8 +705,8 @@ in
|
||||
pgsql = config.services.postgresql;
|
||||
in
|
||||
lib.mkIf databaseActuallyCreateLocally {
|
||||
after = [ "postgresql.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
bindsTo = [ "postgresql.target" ];
|
||||
wantedBy = [ "discourse.service" ];
|
||||
partOf = [ "discourse.service" ];
|
||||
path = [
|
||||
@ -732,16 +732,16 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"redis-discourse.service"
|
||||
"postgresql.service"
|
||||
"discourse-postgresql.service"
|
||||
"postgresql.target"
|
||||
"discourse-postgresql.target"
|
||||
];
|
||||
bindsTo =
|
||||
[
|
||||
"redis-discourse.service"
|
||||
]
|
||||
++ lib.optionals (cfg.database.host == null) [
|
||||
"postgresql.service"
|
||||
"discourse-postgresql.service"
|
||||
"postgresql.target"
|
||||
"discourse-postgresql.target"
|
||||
];
|
||||
path = cfg.package.runtimeDeps ++ [
|
||||
postgresqlPackage
|
||||
|
@ -87,8 +87,8 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"network.target"
|
||||
] ++ lib.optionals (cfg.database.url == "local") [ "postgresql.service" ];
|
||||
requires = lib.optionals (cfg.database.url == "local") [ "postgresql.service" ];
|
||||
] ++ lib.optionals (cfg.database.url == "local") [ "postgresql.target" ];
|
||||
requires = lib.optionals (cfg.database.url == "local") [ "postgresql.target" ];
|
||||
environment =
|
||||
let
|
||||
localPostgresqlUrl = "postgres:///fider?host=/run/postgresql";
|
||||
|
@ -227,7 +227,7 @@ in
|
||||
"multi-user.target"
|
||||
"phpfpm-filesender.service"
|
||||
];
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
|
||||
restartIfChanged = true;
|
||||
|
||||
|
@ -308,7 +308,7 @@ in
|
||||
|
||||
systemd.services.firefly-iii-setup = {
|
||||
after = [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"mysql.service"
|
||||
];
|
||||
requiredBy = [ "phpfpm-firefly-iii.service" ];
|
||||
@ -325,7 +325,7 @@ in
|
||||
systemd.services.firefly-iii-cron = {
|
||||
after = [
|
||||
"firefly-iii-setup.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"mysql.service"
|
||||
];
|
||||
wants = [ "firefly-iii-setup.service" ];
|
||||
|
@ -163,9 +163,9 @@ in
|
||||
systemd = {
|
||||
services = {
|
||||
|
||||
postgresql.serviceConfig.ExecStartPost =
|
||||
postgresql-setup.serviceConfig.ExecStartPost =
|
||||
let
|
||||
sqlFile = pkgs.writeText "immich-pgvectors-setup.sql" ''
|
||||
sqlFile = pkgs.writeText "froide-govplan-postgis-setup.sql" ''
|
||||
CREATE EXTENSION IF NOT EXISTS postgis;
|
||||
'';
|
||||
in
|
||||
@ -184,7 +184,7 @@ in
|
||||
Group = "govplan";
|
||||
};
|
||||
after = [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"network.target"
|
||||
"systemd-tmpfiles-setup.service"
|
||||
];
|
||||
|
@ -211,7 +211,7 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"network.target"
|
||||
] ++ optional (cfg.settings.db.dialect == "postgres") "postgresql.service";
|
||||
] ++ optional (cfg.settings.db.dialect == "postgres") "postgresql.target";
|
||||
|
||||
environment = {
|
||||
NODE_ENV = "production";
|
||||
|
@ -171,11 +171,11 @@ in
|
||||
|
||||
wants = [ "network-online.target" ];
|
||||
requires =
|
||||
lib.optional cfg.database.createLocally "postgresql.service"
|
||||
lib.optional cfg.database.createLocally "postgresql.target"
|
||||
++ lib.optional cfg.redis.createLocally "redis-glitchtip.service";
|
||||
after =
|
||||
[ "network-online.target" ]
|
||||
++ lib.optional cfg.database.createLocally "postgresql.service"
|
||||
++ lib.optional cfg.database.createLocally "postgresql.target"
|
||||
++ lib.optional cfg.redis.createLocally "redis-glitchtip.service";
|
||||
|
||||
inherit environment;
|
||||
|
@ -144,8 +144,8 @@ in
|
||||
systemd.services.gotosocial = {
|
||||
description = "ActivityPub social network server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ] ++ lib.optional cfg.setupPostgresqlDB "postgresql.service";
|
||||
requires = lib.optional cfg.setupPostgresqlDB "postgresql.service";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.setupPostgresqlDB "postgresql.target";
|
||||
requires = lib.optional cfg.setupPostgresqlDB "postgresql.target";
|
||||
restartTriggers = [ configFile ];
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -81,8 +81,8 @@ in
|
||||
];
|
||||
};
|
||||
systemd.services.homebox = {
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
after = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
environment = cfg.settings;
|
||||
serviceConfig = {
|
||||
User = "homebox";
|
||||
|
@ -254,7 +254,7 @@ in
|
||||
search_path = "\"$user\", public, vectors";
|
||||
};
|
||||
};
|
||||
systemd.services.postgresql.serviceConfig.ExecStartPost =
|
||||
systemd.services.postgresql-setup.serviceConfig.ExecStartPost =
|
||||
let
|
||||
sqlFile = pkgs.writeText "immich-pgvectors-setup.sql" ''
|
||||
CREATE EXTENSION IF NOT EXISTS unaccent;
|
||||
|
@ -19,8 +19,8 @@ let
|
||||
commonInvidousServiceConfig = {
|
||||
description = "Invidious (An alternative YouTube front-end)";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = [ "network-online.target" ] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
|
@ -602,9 +602,9 @@ in
|
||||
];
|
||||
|
||||
systemd.services.keycloakPostgreSQLInit = mkIf createLocalPostgreSQL {
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
before = [ "keycloak.service" ];
|
||||
bindsTo = [ "postgresql.service" ];
|
||||
bindsTo = [ "postgresql.target" ];
|
||||
path = [ config.services.postgresql.package ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
@ -690,7 +690,7 @@ in
|
||||
if createLocalPostgreSQL then
|
||||
[
|
||||
"keycloakPostgreSQLInit.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
]
|
||||
else if createLocalMySQL then
|
||||
[
|
||||
|
@ -350,10 +350,10 @@ in
|
||||
description = "Docs from SuiteNumérique";
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ (optional cfg.postgresql.createLocally "postgresql.service")
|
||||
++ (optional cfg.postgresql.createLocally "postgresql.target")
|
||||
++ (optional cfg.redis.createLocally "redis-lasuite-docs.service");
|
||||
wants =
|
||||
(optional cfg.postgresql.createLocally "postgresql.service")
|
||||
(optional cfg.postgresql.createLocally "postgresql.target")
|
||||
++ (optional cfg.redis.createLocally "redis-lasuite-docs.service");
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
@ -398,10 +398,10 @@ in
|
||||
description = "Docs Celery broker from SuiteNumérique";
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ (optional cfg.postgresql.createLocally "postgresql.service")
|
||||
++ (optional cfg.postgresql.createLocally "postgresql.target")
|
||||
++ (optional cfg.redis.createLocally "redis-lasuite-docs.service");
|
||||
wants =
|
||||
(optional cfg.postgresql.createLocally "postgresql.service")
|
||||
(optional cfg.postgresql.createLocally "postgresql.target")
|
||||
++ (optional cfg.redis.createLocally "redis-lasuite-docs.service");
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
@ -325,9 +325,9 @@ in
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
after = [ "pict-rs.service" ] ++ lib.optionals cfg.database.createLocally [ "postgresql.service" ];
|
||||
after = [ "pict-rs.service" ] ++ lib.optionals cfg.database.createLocally [ "postgresql.target" ];
|
||||
|
||||
requires = lib.optionals cfg.database.createLocally [ "postgresql.service" ];
|
||||
requires = lib.optionals cfg.database.createLocally [ "postgresql.target" ];
|
||||
|
||||
# substitute secrets and prevent others from reading the result
|
||||
# if somehow $CREDENTIALS_DIRECTORY is not set we fail
|
||||
|
@ -413,7 +413,7 @@ in
|
||||
systemd.services.limesurvey-init = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-limesurvey.service" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.target";
|
||||
environment.DBENGINE = "${cfg.database.dbEngine}";
|
||||
environment.LIMESURVEY_CONFIG = limesurveyConfig;
|
||||
script = ''
|
||||
@ -444,7 +444,7 @@ in
|
||||
|
||||
systemd.services.httpd.after =
|
||||
optional mysqlLocal "mysql.service"
|
||||
++ optional pgsqlLocal "postgresql.service";
|
||||
++ optional pgsqlLocal "postgresql.target";
|
||||
|
||||
users.users.${user} = {
|
||||
group = group;
|
||||
|
@ -126,10 +126,10 @@ let
|
||||
SystemCallArchitectures = "native";
|
||||
};
|
||||
|
||||
# Services that all Mastodon units After= and Requires= on
|
||||
commonServices =
|
||||
# Units that all Mastodon units After= and Requires= on
|
||||
commonUnits =
|
||||
lib.optional redisActuallyCreateLocally "redis-mastodon.service"
|
||||
++ lib.optional databaseActuallyCreateLocally "postgresql.service"
|
||||
++ lib.optional databaseActuallyCreateLocally "postgresql.target"
|
||||
++ lib.optional cfg.automaticMigrations "mastodon-init-db.service";
|
||||
|
||||
envFile = pkgs.writeText "mastodon.env" (
|
||||
@ -170,8 +170,8 @@ let
|
||||
after = [
|
||||
"network.target"
|
||||
"mastodon-init-dirs.service"
|
||||
] ++ commonServices;
|
||||
requires = [ "mastodon-init-dirs.service" ] ++ commonServices;
|
||||
] ++ commonUnits;
|
||||
requires = [ "mastodon-init-dirs.service" ] ++ commonUnits;
|
||||
description = "Mastodon sidekiq${jobClassLabel}";
|
||||
wantedBy = [ "mastodon.target" ];
|
||||
environment = env // {
|
||||
@ -209,8 +209,8 @@ let
|
||||
after = [
|
||||
"network.target"
|
||||
"mastodon-init-dirs.service"
|
||||
] ++ commonServices;
|
||||
requires = [ "mastodon-init-dirs.service" ] ++ commonServices;
|
||||
] ++ commonUnits;
|
||||
requires = [ "mastodon-init-dirs.service" ] ++ commonUnits;
|
||||
wantedBy = [
|
||||
"mastodon.target"
|
||||
"mastodon-streaming.target"
|
||||
@ -998,18 +998,18 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"mastodon-init-dirs.service"
|
||||
] ++ lib.optional databaseActuallyCreateLocally "postgresql.service";
|
||||
] ++ lib.optional databaseActuallyCreateLocally "postgresql.target";
|
||||
requires = [
|
||||
"mastodon-init-dirs.service"
|
||||
] ++ lib.optional databaseActuallyCreateLocally "postgresql.service";
|
||||
] ++ lib.optional databaseActuallyCreateLocally "postgresql.target";
|
||||
};
|
||||
|
||||
systemd.services.mastodon-web = {
|
||||
after = [
|
||||
"network.target"
|
||||
"mastodon-init-dirs.service"
|
||||
] ++ commonServices;
|
||||
requires = [ "mastodon-init-dirs.service" ] ++ commonServices;
|
||||
] ++ commonUnits;
|
||||
requires = [ "mastodon-init-dirs.service" ] ++ commonUnits;
|
||||
wantedBy = [ "mastodon.target" ];
|
||||
description = "Mastodon web";
|
||||
environment =
|
||||
|
@ -840,7 +840,7 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = mkMerge [
|
||||
[ "network.target" ]
|
||||
(mkIf (cfg.database.driver == "postgres" && cfg.database.create) [ "postgresql.service" ])
|
||||
(mkIf (cfg.database.driver == "postgres" && cfg.database.create) [ "postgresql.target" ])
|
||||
(mkIf (cfg.database.driver == "mysql" && cfg.database.create) [ "mysql.service" ])
|
||||
];
|
||||
requires = after;
|
||||
@ -946,7 +946,7 @@ in
|
||||
];
|
||||
|
||||
unitConfig.JoinsNamespaceOf = mkMerge [
|
||||
(mkIf (cfg.database.driver == "postgres" && cfg.database.create) [ "postgresql.service" ])
|
||||
(mkIf (cfg.database.driver == "postgres" && cfg.database.create) [ "postgresql.target" ])
|
||||
(mkIf (cfg.database.driver == "mysql" && cfg.database.create) [ "mysql.service" ])
|
||||
];
|
||||
};
|
||||
|
@ -66,8 +66,8 @@ in
|
||||
systemd.services.mealie = {
|
||||
description = "Mealie, a self hosted recipe manager and meal planner";
|
||||
|
||||
after = [ "network-online.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = [ "network-online.target" ] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
wants = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
@ -339,11 +339,11 @@ in
|
||||
mediagoblin-paster = lib.recursiveUpdate serviceDefaults {
|
||||
after = [
|
||||
"mediagoblin-celeryd.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
requires = [
|
||||
"mediagoblin-celeryd.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
preStart = ''
|
||||
cp --remove-destination ${pasteConfig} /var/lib/mediagoblin/paste.ini
|
||||
|
@ -707,7 +707,7 @@ in
|
||||
before = [ "phpfpm-mediawiki.service" ];
|
||||
after =
|
||||
optional (cfg.database.type == "mysql" && cfg.database.createLocally) "mysql.service"
|
||||
++ optional (cfg.database.type == "postgres" && cfg.database.createLocally) "postgresql.service";
|
||||
++ optional (cfg.database.type == "postgres" && cfg.database.createLocally) "postgresql.target";
|
||||
script = ''
|
||||
if ! test -e "${stateDir}/secret.key"; then
|
||||
tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c 64 > ${stateDir}/secret.key
|
||||
@ -754,7 +754,7 @@ in
|
||||
) "mysql.service"
|
||||
++ optional (
|
||||
cfg.webserver == "apache" && cfg.database.createLocally && cfg.database.type == "postgres"
|
||||
) "postgresql.service";
|
||||
) "postgresql.target";
|
||||
|
||||
users.users.${user} = {
|
||||
inherit group;
|
||||
|
@ -107,10 +107,10 @@ in
|
||||
|
||||
systemd.services.miniflux-dbsetup = lib.mkIf cfg.createDatabaseLocally {
|
||||
description = "Miniflux database setup";
|
||||
requires = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
after = [
|
||||
"network.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
@ -126,7 +126,7 @@ in
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ lib.optionals cfg.createDatabaseLocally [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"miniflux-dbsetup.service"
|
||||
];
|
||||
|
||||
|
@ -319,7 +319,7 @@ in
|
||||
systemd.services.misskey = {
|
||||
after = [
|
||||
"network-online.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
wants = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -366,7 +366,7 @@ in
|
||||
systemd.services.mobilizon-postgresql = mkIf isLocalPostgres {
|
||||
description = "Mobilizon PostgreSQL setup";
|
||||
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
before = [
|
||||
"mobilizon.service"
|
||||
"mobilizon-setup-secrets.service"
|
||||
|
@ -351,7 +351,7 @@ in
|
||||
systemd.services.moodle-init = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
before = [ "phpfpm-moodle.service" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.target";
|
||||
environment.MOODLE_CONFIG = moodleConfig;
|
||||
script = ''
|
||||
${phpExt}/bin/php ${cfg.package}/share/moodle/admin/cli/check_database_schema.php && rc=$? || rc=$?
|
||||
@ -394,7 +394,7 @@ in
|
||||
|
||||
systemd.services.httpd.after =
|
||||
optional mysqlLocal "mysql.service"
|
||||
++ optional pgsqlLocal "postgresql.service";
|
||||
++ optional pgsqlLocal "postgresql.target";
|
||||
|
||||
users.users.${user} = {
|
||||
group = group;
|
||||
|
@ -165,9 +165,9 @@ let
|
||||
fpm = config.services.phpfpm.pools.${pool};
|
||||
phpExecutionUnit = "phpfpm-${pool}";
|
||||
|
||||
dbService =
|
||||
dbUnit =
|
||||
{
|
||||
"postgresql" = "postgresql.service";
|
||||
"postgresql" = "postgresql.target";
|
||||
"mariadb" = "mysql.service";
|
||||
}
|
||||
.${cfg.database.type};
|
||||
@ -843,8 +843,8 @@ in
|
||||
requiredBy = [ "${phpExecutionUnit}.service" ];
|
||||
before = [ "${phpExecutionUnit}.service" ];
|
||||
wants = [ "local-fs.target" ];
|
||||
requires = lib.optional cfg.database.createLocally dbService;
|
||||
after = lib.optional cfg.database.createLocally dbService;
|
||||
requires = lib.optional cfg.database.createLocally dbUnit;
|
||||
after = lib.optional cfg.database.createLocally dbUnit;
|
||||
|
||||
serviceConfig =
|
||||
{
|
||||
@ -899,8 +899,8 @@ in
|
||||
requiredBy = [ "movim.service" ];
|
||||
before = [ "movim.service" ] ++ lib.optional (webServerService != null) webServerService;
|
||||
wants = [ "network.target" ];
|
||||
requires = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService;
|
||||
after = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbService;
|
||||
requires = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbUnit;
|
||||
after = [ "movim-data-setup.service" ] ++ lib.optional cfg.database.createLocally dbUnit;
|
||||
};
|
||||
|
||||
services.movim = {
|
||||
@ -915,14 +915,14 @@ in
|
||||
"movim-data-setup.service"
|
||||
"${phpExecutionUnit}.service"
|
||||
]
|
||||
++ lib.optional cfg.database.createLocally dbService
|
||||
++ lib.optional cfg.database.createLocally dbUnit
|
||||
++ lib.optional (webServerService != null) webServerService;
|
||||
after =
|
||||
[
|
||||
"movim-data-setup.service"
|
||||
"${phpExecutionUnit}.service"
|
||||
]
|
||||
++ lib.optional cfg.database.createLocally dbService
|
||||
++ lib.optional cfg.database.createLocally dbUnit
|
||||
++ lib.optional (webServerService != null) webServerService;
|
||||
environment = {
|
||||
PUBLIC_URL = "//${cfg.domain}";
|
||||
|
@ -39,7 +39,14 @@ let
|
||||
(writeScriptBin "netbox-manage" ''
|
||||
#!${stdenv.shell}
|
||||
export PYTHONPATH=${pkg.pythonPath}
|
||||
sudo -u netbox ${pkg}/bin/netbox "$@"
|
||||
case "$(whoami)" in
|
||||
"root")
|
||||
${util-linux}/bin/runuser -u netbox -- ${pkg}/bin/netbox "$@";;
|
||||
"netbox")
|
||||
${pkg}/bin/netbox "$@";;
|
||||
*)
|
||||
echo "This must be run by either by root 'netbox' user"
|
||||
esac
|
||||
'');
|
||||
|
||||
in
|
||||
|
@ -1167,8 +1167,8 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "nextcloud-update-db.service" ];
|
||||
before = [ "phpfpm-nextcloud.service" ];
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.target";
|
||||
requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.target";
|
||||
path = [ occ ];
|
||||
restartTriggers = [ overrideConfig ];
|
||||
script = ''
|
||||
|
@ -234,8 +234,8 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"systemd-tmpfiles-setup.service"
|
||||
] ++ lib.optional (cfg.settings.nipapd.db_host == "") "postgresql.service";
|
||||
requires = lib.optional (cfg.settings.nipapd.db_host == "") "postgresql.service";
|
||||
] ++ lib.optional (cfg.settings.nipapd.db_host == "") "postgresql.target";
|
||||
requires = lib.optional (cfg.settings.nipapd.db_host == "") "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = lib.optionalString (cfg.settings.auth.default_backend == defaultAuthBackend) ''
|
||||
# Create/upgrade local auth database
|
||||
|
@ -235,12 +235,12 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"onlyoffice-docservice.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
requires = [
|
||||
"network.target"
|
||||
"onlyoffice-docservice.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
@ -314,9 +314,9 @@ in
|
||||
description = "onlyoffice documentserver";
|
||||
after = [
|
||||
"network.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
requires = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package.fhs}/bin/onlyoffice-wrapper DocService/docservice /run/onlyoffice/config";
|
||||
|
@ -634,10 +634,10 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after =
|
||||
[ "networking.target" ]
|
||||
++ lib.optional (cfg.databaseUrl == "local") "postgresql.service"
|
||||
++ lib.optional (cfg.databaseUrl == "local") "postgresql.target"
|
||||
++ lib.optional (cfg.redisUrl == "local") "redis-outline.service";
|
||||
requires =
|
||||
lib.optional (cfg.databaseUrl == "local") "postgresql.service"
|
||||
lib.optional (cfg.databaseUrl == "local") "postgresql.target"
|
||||
++ lib.optional (cfg.redisUrl == "local") "redis-outline.service";
|
||||
path = [
|
||||
pkgs.openssl # Required by the preStart script
|
||||
|
@ -195,8 +195,8 @@ in
|
||||
services = {
|
||||
part-db-migrate = {
|
||||
before = [ "phpfpm-part-db.service" ];
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
@ -216,7 +216,7 @@ in
|
||||
after = [ "part-db-migrate.service" ];
|
||||
requires = [
|
||||
"part-db-migrate.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
# ensure nginx can access the php-fpm socket
|
||||
postStart = ''
|
||||
|
@ -439,9 +439,9 @@ in
|
||||
description = "Initialization database for PeerTube daemon";
|
||||
after = [
|
||||
"network.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
requires = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.target" ];
|
||||
|
||||
script =
|
||||
let
|
||||
@ -475,13 +475,13 @@ in
|
||||
[ "network.target" ]
|
||||
++ lib.optional cfg.redis.createLocally "redis-peertube.service"
|
||||
++ lib.optionals cfg.database.createLocally [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"peertube-init-db.service"
|
||||
];
|
||||
requires =
|
||||
lib.optional cfg.redis.createLocally "redis-peertube.service"
|
||||
++ lib.optionals cfg.database.createLocally [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"peertube-init-db.service"
|
||||
];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -53,9 +53,9 @@ let
|
||||
"mysql" = "/run/mysqld/mysqld.sock";
|
||||
}
|
||||
.${cfg.database.type};
|
||||
dbService =
|
||||
dbUnit =
|
||||
{
|
||||
"pgsql" = "postgresql.service";
|
||||
"pgsql" = "postgresql.target";
|
||||
"mysql" = "mysql.service";
|
||||
}
|
||||
.${cfg.database.type};
|
||||
@ -355,7 +355,7 @@ in
|
||||
"pixelfed-horizon.service"
|
||||
"pixelfed-data-setup.service"
|
||||
]
|
||||
++ lib.optional cfg.database.createLocally dbService
|
||||
++ lib.optional cfg.database.createLocally dbUnit
|
||||
++ lib.optional cfg.redis.createLocally redisService;
|
||||
# Ensure image optimizations programs are available.
|
||||
systemd.services.phpfpm-pixelfed.path = extraPrograms;
|
||||
@ -368,7 +368,7 @@ in
|
||||
];
|
||||
requires =
|
||||
[ "pixelfed-data-setup.service" ]
|
||||
++ (lib.optional cfg.database.createLocally dbService)
|
||||
++ (lib.optional cfg.database.createLocally dbUnit)
|
||||
++ (lib.optional cfg.redis.createLocally redisService);
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
# Ensure image optimizations programs are available.
|
||||
@ -412,8 +412,8 @@ in
|
||||
systemd.services.pixelfed-data-setup = {
|
||||
description = "Pixelfed setup: migrations, environment file update, cache reload, data changes";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = lib.optional cfg.database.createLocally dbService;
|
||||
requires = lib.optional cfg.database.createLocally dbService;
|
||||
after = lib.optional cfg.database.createLocally dbUnit;
|
||||
requires = lib.optional cfg.database.createLocally dbUnit;
|
||||
path =
|
||||
with pkgs;
|
||||
[
|
||||
|
@ -196,13 +196,13 @@ in
|
||||
after =
|
||||
optional cfg.database.clickhouse.setup "clickhouse.service"
|
||||
++ optionals cfg.database.postgres.setup [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"plausible-postgres.service"
|
||||
];
|
||||
requires =
|
||||
optional cfg.database.clickhouse.setup "clickhouse.service"
|
||||
++ optionals cfg.database.postgres.setup [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"plausible-postgres.service"
|
||||
];
|
||||
|
||||
@ -309,7 +309,7 @@ in
|
||||
(mkIf cfg.database.postgres.setup {
|
||||
# `plausible' requires the `citext'-extension.
|
||||
plausible-postgres = {
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
partOf = [ "plausible.service" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
|
@ -434,7 +434,7 @@ in
|
||||
"redis-pretalx.service"
|
||||
]
|
||||
++ lib.optionals (cfg.settings.database.backend == "postgresql") [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
]
|
||||
++ lib.optionals (cfg.settings.database.backend == "mysql") [
|
||||
"mysql.service"
|
||||
@ -484,7 +484,7 @@ in
|
||||
"redis-pretalx.service"
|
||||
]
|
||||
++ lib.optionals (cfg.settings.database.backend == "postgresql") [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
]
|
||||
++ lib.optionals (cfg.settings.database.backend == "mysql") [
|
||||
"mysql.service"
|
||||
|
@ -533,7 +533,7 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"redis-pretix.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
@ -574,7 +574,7 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"redis-pretix.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
|
@ -398,7 +398,7 @@ in
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ (lib.optional useMySQL "mysql.service")
|
||||
++ (lib.optional usePostgres "postgresql.service");
|
||||
++ (lib.optional usePostgres "postgresql.target");
|
||||
|
||||
script =
|
||||
lib.optionalString (cfg.keyPasswordFile != null && cfg.settings.keyPassword == null) ''
|
||||
|
@ -62,7 +62,7 @@ in
|
||||
description = "Shiori simple bookmarks manager";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"mysql.service"
|
||||
];
|
||||
environment =
|
||||
|
@ -104,7 +104,7 @@ in
|
||||
systemd.services.sogo = {
|
||||
description = "SOGo groupware";
|
||||
after = [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"mysql.service"
|
||||
"memcached.service"
|
||||
"openldap.service"
|
||||
@ -191,7 +191,7 @@ in
|
||||
description = "SOGo email alarms";
|
||||
|
||||
after = [
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
"mysqld.service"
|
||||
"memcached.service"
|
||||
"openldap.service"
|
||||
|
@ -667,11 +667,11 @@ in
|
||||
};
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
|
||||
requires = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.target";
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ optional mysqlLocal "mysql.service"
|
||||
++ optional pgsqlLocal "postgresql.service";
|
||||
++ optional pgsqlLocal "postgresql.target";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -117,7 +117,7 @@ in
|
||||
description = "vikunja";
|
||||
after =
|
||||
[ "network.target" ]
|
||||
++ lib.optional usePostgresql "postgresql.service"
|
||||
++ lib.optional usePostgresql "postgresql.target"
|
||||
++ lib.optional useMysql "mysql.service";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ cfg.package ];
|
||||
|
@ -135,10 +135,10 @@ in
|
||||
description = "Wakapi (self-hosted WakaTime-compatible backend)";
|
||||
wants = [
|
||||
"network-online.target"
|
||||
] ++ optional (cfg.database.dialect == "postgres") "postgresql.service";
|
||||
] ++ optional (cfg.database.dialect == "postgres") "postgresql.target";
|
||||
after = [
|
||||
"network-online.target"
|
||||
] ++ optional (cfg.database.dialect == "postgres") "postgresql.service";
|
||||
] ++ optional (cfg.database.dialect == "postgres") "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
script = ''
|
||||
|
@ -251,7 +251,7 @@ in
|
||||
|
||||
systemd.services.weblate-postgresql-setup = {
|
||||
description = "Weblate PostgreSQL setup";
|
||||
after = [ "postgresql.service" ];
|
||||
after = [ "postgresql.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "postgres";
|
||||
@ -290,7 +290,7 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"redis-weblate.service"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
# We want this to be active on boot, not just on socket activation
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -134,39 +134,37 @@ in
|
||||
# coming from https://github.com/windmill-labs/windmill/blob/main/init-db-as-superuser.sql
|
||||
# modified to not grant privileges on all tables
|
||||
# create role windmill_user and windmill_admin only if they don't exist
|
||||
postgresql.postStart = lib.mkIf cfg.database.createLocally (
|
||||
lib.mkAfter ''
|
||||
$PSQL -tA <<"EOF"
|
||||
DO $$
|
||||
BEGIN
|
||||
IF NOT EXISTS (
|
||||
SELECT FROM pg_catalog.pg_roles
|
||||
WHERE rolname = 'windmill_user'
|
||||
) THEN
|
||||
CREATE ROLE windmill_user;
|
||||
GRANT ALL PRIVILEGES ON DATABASE ${cfg.database.name} TO windmill_user;
|
||||
ELSE
|
||||
RAISE NOTICE 'Role "windmill_user" already exists. Skipping.';
|
||||
END IF;
|
||||
IF NOT EXISTS (
|
||||
SELECT FROM pg_catalog.pg_roles
|
||||
WHERE rolname = 'windmill_admin'
|
||||
) THEN
|
||||
CREATE ROLE windmill_admin WITH BYPASSRLS;
|
||||
GRANT windmill_user TO windmill_admin;
|
||||
ELSE
|
||||
RAISE NOTICE 'Role "windmill_admin" already exists. Skipping.';
|
||||
END IF;
|
||||
GRANT windmill_admin TO windmill;
|
||||
END
|
||||
$$;
|
||||
EOF
|
||||
''
|
||||
);
|
||||
postgresql.postStart = lib.mkIf cfg.database.createLocally ''
|
||||
psql -tA <<"EOF"
|
||||
DO $$
|
||||
BEGIN
|
||||
IF NOT EXISTS (
|
||||
SELECT FROM pg_catalog.pg_roles
|
||||
WHERE rolname = 'windmill_user'
|
||||
) THEN
|
||||
CREATE ROLE windmill_user;
|
||||
GRANT ALL PRIVILEGES ON DATABASE ${cfg.database.name} TO windmill_user;
|
||||
ELSE
|
||||
RAISE NOTICE 'Role "windmill_user" already exists. Skipping.';
|
||||
END IF;
|
||||
IF NOT EXISTS (
|
||||
SELECT FROM pg_catalog.pg_roles
|
||||
WHERE rolname = 'windmill_admin'
|
||||
) THEN
|
||||
CREATE ROLE windmill_admin WITH BYPASSRLS;
|
||||
GRANT windmill_user TO windmill_admin;
|
||||
ELSE
|
||||
RAISE NOTICE 'Role "windmill_admin" already exists. Skipping.';
|
||||
END IF;
|
||||
GRANT windmill_admin TO windmill;
|
||||
END
|
||||
$$;
|
||||
EOF
|
||||
'';
|
||||
|
||||
windmill-server = {
|
||||
description = "Windmill server";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = serviceConfig // {
|
||||
@ -183,7 +181,7 @@ in
|
||||
|
||||
windmill-worker = {
|
||||
description = "Windmill worker";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = serviceConfig // {
|
||||
@ -201,7 +199,7 @@ in
|
||||
|
||||
windmill-worker-native = {
|
||||
description = "Windmill worker native";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = [ "network.target" ] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = serviceConfig // {
|
||||
|
@ -93,8 +93,8 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.service";
|
||||
after = [ "network-online.target" ] ++ lib.optional cfg.database.createLocally "postgresql.target";
|
||||
requires = lib.optional cfg.database.createLocally "postgresql.target";
|
||||
|
||||
environment = lib.mapAttrs (_: value: toString value) cfg.settings;
|
||||
|
||||
|
@ -182,7 +182,7 @@ in
|
||||
after = [
|
||||
"network.target"
|
||||
"local-fs.target"
|
||||
"postgresql.service"
|
||||
"postgresql.target"
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -14,7 +14,7 @@
|
||||
|
||||
testScript = ''
|
||||
machine.start()
|
||||
machine.wait_for_unit("postgresql.service")
|
||||
machine.wait_for_unit("postgresql.target")
|
||||
machine.wait_for_unit("coder.service")
|
||||
machine.wait_for_open_port(3000)
|
||||
|
||||
|
@ -55,7 +55,7 @@
|
||||
testScript = ''
|
||||
start_all()
|
||||
|
||||
machine1.wait_for_unit("postgresql.service")
|
||||
machine1.wait_for_unit("postgresql.target")
|
||||
machine1.wait_for_unit("davis-env-setup.service")
|
||||
machine1.wait_for_unit("davis-db-migrate.service")
|
||||
machine1.wait_for_unit("phpfpm-davis.service")
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user