services.meilisearch: fix

2024-10-23 05:18:44 +08:00 · 2024-05-30 15:15:27 +08:00 · 2024-05-30 15:15:27 +08:00 · 7aeb283101
commit 7aeb283101
parent 745525f41f
3 changed files with 94 additions and 97 deletions
--- a/modules/services/meilisearch.nix
+++ b/modules/services/meilisearch.nix
@ -13,102 +13,100 @@ inputs:
    };
    ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) meilisearch;
-      inherit (inputs.localLib) stripeTabs attrsToList;
-      inherit (builtins) map listToAttrs concatLists;
-    in
+  config = let inherit (inputs.config.nixos.services) meilisearch; in
+  {
+    systemd =
    {
-      systemd =
-      {
-        services = listToAttrs (map
-          (instance:
+      services = builtins.listToAttrs (builtins.map
+        (instance:
+        {
+          name = "meilisearch-${instance.name}";
+          value =
          {
-            name = "meilisearch-${instance.name}";
-            value =
+            description = "meiliSearch ${instance.name}";
+            wantedBy = [ "multi-user.target" ];
+            after = [ "network.target" ];
+            # environment.RUST_BACKTRACE = "full";
+            serviceConfig =
            {
-              description = "meiliSearch ${instance.name}";
-              wantedBy = [ "multi-user.target" ];
-              after = [ "network.target" ];
-              # environment.RUST_BACKTRACE = "full";
-              serviceConfig =
-              {
-                User = instance.value.user;
-                Group = inputs.config.users.users.${instance.value.user}.group;
-                ExecStart =
-                  let
-                    meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
-                    {
-                      RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
-                        ++ (
-                          let inherit (inputs.config.nixos.system.nixpkgs) march;
-                          in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
-                        );
-                    });
-                    config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
-                  in
-                    "${meilisearch}/bin/meilisearch --config-file-path ${config}";
-                Restart = "always";
-                StartLimitBurst = 3;
-                LimitNOFILE = "infinity";
-                LimitNPROC = "infinity";
-                LimitCORE = "infinity";
-                CPUSchedulingPolicy = "idle";
-                IOSchedulingClass = "idle";
-                IOSchedulingPriority = 4;
-                IOAccounting = true;
-                IOWeight = 1;
-                Nice = 19;
-                Slice = "-.slice";
-              }
-              // (if meilisearch.ioLimitDevice != null then
-              {
-                IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
-                IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
-                # iostat -dx 1
-                IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
-                IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
-              } else {});
-            };
-          })
-          (attrsToList meilisearch.instances));
-        tmpfiles.rules = concatLists (map
-          (instance:
-            let
-              user = instance.value.user;
-              group = inputs.config.users.users.${instance.value.user}.group;
-              dir = "/var/lib/meilisearch/${instance.name}";
-            in
-              [ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
-          (attrsToList meilisearch.instances));
-      };
-      sops =
-      {
-        templates = listToAttrs (map
-          (instance:
-          {
-            name = "meilisearch-${instance.name}.toml";
-            value =
+              User = instance.value.user;
+              Group = inputs.config.users.users.${instance.value.user}.group;
+              ExecStart =
+                let
+                  meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev:
+                  {
+                    RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"]
+                      ++ (
+                        let inherit (inputs.config.nixos.system.nixpkgs) march;
+                        in (if march != null then [ "-Ctarget-cpu=${march}" ] else [])
+                      );
+                  });
+                  config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path;
+                in
+                  "${meilisearch}/bin/meilisearch --config-file-path ${config}";
+              Restart = "always";
+              StartLimitBurst = 3;
+              LimitNOFILE = "infinity";
+              LimitNPROC = "infinity";
+              LimitCORE = "infinity";
+              CPUSchedulingPolicy = "idle";
+              IOSchedulingClass = "idle";
+              IOSchedulingPriority = 4;
+              IOAccounting = true;
+              IOWeight = 1;
+              Nice = 19;
+              Slice = "-.slice";
+            }
+            // (if meilisearch.ioLimitDevice != null then
            {
-              content =
-              ''
-                db_path = "/var/lib/meilisearch/${instance.name}"
-                http_addr = "0.0.0.0:${toString instance.value.port}"
-                master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
-                env = "production"
-                dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
-                log_level = "INFO"
-                max_indexing_memory = "16Gb"
-                max_indexing_threads = 1
-              '';
-              owner = instance.value.user;
-            };
-          })
-          (attrsToList meilisearch.instances));
-        secrets = listToAttrs (map
-          (instance: { name = "meilisearch/${instance.name}"; value = {}; })
-          (attrsToList meilisearch.instances));
-      };
+              IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
+              IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M";
+              # iostat -dx 1
+              IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100";
+              IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100";
+            } else {});
+          };
+        })
+        (inputs.localLib.attrsToList meilisearch.instances));
+      tmpfiles.rules = builtins.concatLists (builtins.map
+        (instance:
+          let
+            user = instance.value.user;
+            group = inputs.config.users.users.${instance.value.user}.group;
+            dir = "/var/lib/meilisearch/${instance.name}";
+          in
+            [ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ])
+        (inputs.localLib.attrsToList meilisearch.instances));
    };
+    sops =
+    {
+      templates = builtins.listToAttrs (builtins.map
+        (instance:
+        {
+          name = "meilisearch-${instance.name}.toml";
+          value =
+          {
+            content =
+            ''
+              db_path = "/var/lib/meilisearch/${instance.name}"
+              http_addr = "0.0.0.0:${builtins.toString instance.value.port}"
+              master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}"
+              env = "production"
+              dump_dir = "/var/lib/meilisearch/${instance.name}/dumps"
+              log_level = "INFO"
+              max_indexing_memory = "16Gb"
+              max_indexing_threads = 1
+            '';
+            owner = instance.value.user;
+          };
+        })
+        (inputs.localLib.attrsToList meilisearch.instances));
+      secrets = builtins.listToAttrs (builtins.map
+        (instance: { name = "meilisearch/${instance.name}"; value = {}; })
+        (inputs.localLib.attrsToList meilisearch.instances));
+    };
+    environment.persistence =
+      let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
+        { "${impermanence.nodatacow}".directories = [ "/var/lib/meilisearch" ]; };
+  };
 }
--- a/modules/services/misskey.nix
+++ b/modules/services/misskey.nix
@ -142,9 +142,9 @@ inputs:
        postgresql.instances = listToAttrs (map
          (instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; })
          (attrsToList misskey.instances));
-        meilisearch =
+        meilisearch.instances =
          let instances = filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances);
-          in mkIf (instances != []) { instances = listToAttrs (map
+          in listToAttrs (map
            (instance:
            {
              name = "misskey-${instance.name}";
@ -154,7 +154,7 @@ inputs:
                port = instance.value.meilisearch.port;
              };
            })
-            instances); };
+            instances);
        nginx =
        {
          enable = mkIf (misskey.instances != {}) true;
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@ -63,7 +63,6 @@ inputs:
          hideMounts = true;
          directories =
            [{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }]
-            ++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else [])
            ++ (
              if inputs.config.nixos.virtualization.kvmHost.enable then
                [{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]