mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 05:18:44 +08:00
services.meilisearch: fix
This commit is contained in:
parent
745525f41f
commit
7aeb283101
@ -13,102 +13,100 @@ inputs:
|
||||
};
|
||||
ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.config.nixos.services) meilisearch;
|
||||
inherit (inputs.localLib) stripeTabs attrsToList;
|
||||
inherit (builtins) map listToAttrs concatLists;
|
||||
in
|
||||
config = let inherit (inputs.config.nixos.services) meilisearch; in
|
||||
{
|
||||
systemd =
|
||||
{
|
||||
systemd =
|
||||
{
|
||||
services = listToAttrs (map
|
||||
(instance:
|
||||
services = builtins.listToAttrs (builtins.map
|
||||
(instance:
|
||||
{
|
||||
name = "meilisearch-${instance.name}";
|
||||
value =
|
||||
{
|
||||
name = "meilisearch-${instance.name}";
|
||||
value =
|
||||
description = "meiliSearch ${instance.name}";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
# environment.RUST_BACKTRACE = "full";
|
||||
serviceConfig =
|
||||
{
|
||||
description = "meiliSearch ${instance.name}";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
# environment.RUST_BACKTRACE = "full";
|
||||
serviceConfig =
|
||||
{
|
||||
User = instance.value.user;
|
||||
Group = inputs.config.users.users.${instance.value.user}.group;
|
||||
ExecStart =
|
||||
let
|
||||
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
|
||||
{
|
||||
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
|
||||
++ (
|
||||
let inherit (inputs.config.nixos.system.nixpkgs) march;
|
||||
in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
|
||||
);
|
||||
});
|
||||
config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
|
||||
in
|
||||
"${meilisearch}/bin/meilisearch --config-file-path ${config}";
|
||||
Restart = "always";
|
||||
StartLimitBurst = 3;
|
||||
LimitNOFILE = "infinity";
|
||||
LimitNPROC = "infinity";
|
||||
LimitCORE = "infinity";
|
||||
CPUSchedulingPolicy = "idle";
|
||||
IOSchedulingClass = "idle";
|
||||
IOSchedulingPriority = 4;
|
||||
IOAccounting = true;
|
||||
IOWeight = 1;
|
||||
Nice = 19;
|
||||
Slice = "-.slice";
|
||||
}
|
||||
// (if meilisearch.ioLimitDevice != null then
|
||||
{
|
||||
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
|
||||
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
|
||||
# iostat -dx 1
|
||||
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
|
||||
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
|
||||
} else {});
|
||||
};
|
||||
})
|
||||
(attrsToList meilisearch.instances));
|
||||
tmpfiles.rules = concatLists (map
|
||||
(instance:
|
||||
let
|
||||
user = instance.value.user;
|
||||
group = inputs.config.users.users.${instance.value.user}.group;
|
||||
dir = "/var/lib/meilisearch/${instance.name}";
|
||||
in
|
||||
[ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
|
||||
(attrsToList meilisearch.instances));
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates = listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
name = "meilisearch-${instance.name}.toml";
|
||||
value =
|
||||
User = instance.value.user;
|
||||
Group = inputs.config.users.users.${instance.value.user}.group;
|
||||
ExecStart =
|
||||
let
|
||||
meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
|
||||
{
|
||||
RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
|
||||
++ (
|
||||
let inherit (inputs.config.nixos.system.nixpkgs) march;
|
||||
in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
|
||||
);
|
||||
});
|
||||
config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
|
||||
in
|
||||
"${meilisearch}/bin/meilisearch --config-file-path ${config}";
|
||||
Restart = "always";
|
||||
StartLimitBurst = 3;
|
||||
LimitNOFILE = "infinity";
|
||||
LimitNPROC = "infinity";
|
||||
LimitCORE = "infinity";
|
||||
CPUSchedulingPolicy = "idle";
|
||||
IOSchedulingClass = "idle";
|
||||
IOSchedulingPriority = 4;
|
||||
IOAccounting = true;
|
||||
IOWeight = 1;
|
||||
Nice = 19;
|
||||
Slice = "-.slice";
|
||||
}
|
||||
// (if meilisearch.ioLimitDevice != null then
|
||||
{
|
||||
content =
|
||||
''
|
||||
db_path = "/var/lib/meilisearch/${instance.name}"
|
||||
http_addr = "0.0.0.0:${toString instance.value.port}"
|
||||
master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
|
||||
env = "production"
|
||||
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
|
||||
log_level = "INFO"
|
||||
max_indexing_memory = "16Gb"
|
||||
max_indexing_threads = 1
|
||||
'';
|
||||
owner = instance.value.user;
|
||||
};
|
||||
})
|
||||
(attrsToList meilisearch.instances));
|
||||
secrets = listToAttrs (map
|
||||
(instance: { name = "meilisearch/${instance.name}"; value = {}; })
|
||||
(attrsToList meilisearch.instances));
|
||||
};
|
||||
IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
|
||||
IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
|
||||
# iostat -dx 1
|
||||
IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
|
||||
IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
|
||||
} else {});
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList meilisearch.instances));
|
||||
tmpfiles.rules = builtins.concatLists (builtins.map
|
||||
(instance:
|
||||
let
|
||||
user = instance.value.user;
|
||||
group = inputs.config.users.users.${instance.value.user}.group;
|
||||
dir = "/var/lib/meilisearch/${instance.name}";
|
||||
in
|
||||
[ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
|
||||
(inputs.localLib.attrsToList meilisearch.instances));
|
||||
};
|
||||
sops =
|
||||
{
|
||||
templates = builtins.listToAttrs (builtins.map
|
||||
(instance:
|
||||
{
|
||||
name = "meilisearch-${instance.name}.toml";
|
||||
value =
|
||||
{
|
||||
content =
|
||||
''
|
||||
db_path = "/var/lib/meilisearch/${instance.name}"
|
||||
http_addr = "0.0.0.0:${builtins.toString instance.value.port}"
|
||||
master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
|
||||
env = "production"
|
||||
dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
|
||||
log_level = "INFO"
|
||||
max_indexing_memory = "16Gb"
|
||||
max_indexing_threads = 1
|
||||
'';
|
||||
owner = instance.value.user;
|
||||
};
|
||||
})
|
||||
(inputs.localLib.attrsToList meilisearch.instances));
|
||||
secrets = builtins.listToAttrs (builtins.map
|
||||
(instance: { name = "meilisearch/${instance.name}"; value = {}; })
|
||||
(inputs.localLib.attrsToList meilisearch.instances));
|
||||
};
|
||||
environment.persistence =
|
||||
let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
|
||||
{ "${impermanence.nodatacow}".directories = [ "/var/lib/meilisearch" ]; };
|
||||
};
|
||||
}
|
||||
|
@ -142,9 +142,9 @@ inputs:
|
||||
postgresql.instances = listToAttrs (map
|
||||
(instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
|
||||
(attrsToList misskey.instances));
|
||||
meilisearch =
|
||||
meilisearch.instances =
|
||||
let instances = filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances);
|
||||
in mkIf (instances != []) { instances = listToAttrs (map
|
||||
in listToAttrs (map
|
||||
(instance:
|
||||
{
|
||||
name = "misskey-${instance.name}";
|
||||
@ -154,7 +154,7 @@ inputs:
|
||||
port = instance.value.meilisearch.port;
|
||||
};
|
||||
})
|
||||
instances); };
|
||||
instances);
|
||||
nginx =
|
||||
{
|
||||
enable = mkIf (misskey.instances != {}) true;
|
||||
|
@ -63,7 +63,6 @@ inputs:
|
||||
hideMounts = true;
|
||||
directories =
|
||||
[{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }]
|
||||
++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else [])
|
||||
++ (
|
||||
if inputs.config.nixos.virtualization.kvmHost.enable then
|
||||
[{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
|
||||
|
Loading…
Reference in New Issue
Block a user