diff --git a/modules/services/meilisearch.nix b/modules/services/meilisearch.nix
index b78441bd..8e235c2c 100644
--- a/modules/services/meilisearch.nix
+++ b/modules/services/meilisearch.nix
@@ -13,102 +13,100 @@ inputs: }; ioLimitDevice = mkOption { type = types.nullOr types.nonEmptyStr; default = null; }; }; - config = - let - inherit (inputs.config.nixos.services) meilisearch; - inherit (inputs.localLib) stripeTabs attrsToList; - inherit (builtins) map listToAttrs concatLists; - in + config = let inherit (inputs.config.nixos.services) meilisearch; in + { + systemd = { - systemd = - { - services = listToAttrs (map - (instance: + services = builtins.listToAttrs (builtins.map + (instance: + { + name = "meilisearch-${instance.name}"; + value = { - name = "meilisearch-${instance.name}"; - value = + description = "meiliSearch ${instance.name}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + # environment.RUST_BACKTRACE = "full"; + serviceConfig = { - description = "meiliSearch ${instance.name}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - # environment.RUST_BACKTRACE = "full"; - serviceConfig = - { - User = instance.value.user; - Group = inputs.config.users.users.${instance.value.user}.group; - ExecStart = - let - meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev: - { - RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"] - ++ ( - let inherit (inputs.config.nixos.system.nixpkgs) march; - in (if march != null then [ "-Ctarget-cpu=${march}" ] else []) - ); - }); - config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path; - in - "${meilisearch}/bin/meilisearch --config-file-path ${config}"; - Restart = "always"; - StartLimitBurst = 3; - LimitNOFILE = "infinity"; - LimitNPROC = "infinity"; - LimitCORE = "infinity"; - CPUSchedulingPolicy = "idle"; - IOSchedulingClass = "idle"; - IOSchedulingPriority = 4; - IOAccounting = true; - IOWeight = 1; - Nice = 19; - Slice = "-.slice"; - } - // (if meilisearch.ioLimitDevice != null then - { - IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M"; - IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 
20M"; - # iostat -dx 1 - IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100"; - IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100"; - } else {}); - }; - }) - (attrsToList meilisearch.instances)); - tmpfiles.rules = concatLists (map - (instance: - let - user = instance.value.user; - group = inputs.config.users.users.${instance.value.user}.group; - dir = "/var/lib/meilisearch/${instance.name}"; - in - [ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ]) - (attrsToList meilisearch.instances)); - }; - sops = - { - templates = listToAttrs (map - (instance: - { - name = "meilisearch-${instance.name}.toml"; - value = + User = instance.value.user; + Group = inputs.config.users.users.${instance.value.user}.group; + ExecStart = + let + meilisearch = inputs.pkgs.meilisearch.overrideAttrs (prev: + { + RUSTFLAGS = prev.RUSTFLAGS or [] ++ [ "-Clto=true" "-Cpanic=abort" "-Cembed-bitcode=yes"] + ++ ( + let inherit (inputs.config.nixos.system.nixpkgs) march; + in (if march != null then [ "-Ctarget-cpu=${march}" ] else []) + ); + }); + config = inputs.config.sops.templates."meilisearch-${instance.name}.toml".path; + in + "${meilisearch}/bin/meilisearch --config-file-path ${config}"; + Restart = "always"; + StartLimitBurst = 3; + LimitNOFILE = "infinity"; + LimitNPROC = "infinity"; + LimitCORE = "infinity"; + CPUSchedulingPolicy = "idle"; + IOSchedulingClass = "idle"; + IOSchedulingPriority = 4; + IOAccounting = true; + IOWeight = 1; + Nice = 19; + Slice = "-.slice"; + } + // (if meilisearch.ioLimitDevice != null then { - content = - '' - db_path = "/var/lib/meilisearch/${instance.name}" - http_addr = "0.0.0.0:${toString instance.value.port}" - master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}" - env = "production" - dump_dir = "/var/lib/meilisearch/${instance.name}/dumps" - log_level = "INFO" - max_indexing_memory = "16Gb" - max_indexing_threads = 1 - ''; - owner = instance.value.user; - }; - }) - (attrsToList meilisearch.instances)); - 
secrets = listToAttrs (map - (instance: { name = "meilisearch/${instance.name}"; value = {}; }) - (attrsToList meilisearch.instances)); - }; + IOReadBandwidthMax = "${meilisearch.ioLimitDevice} 20M"; + IOWriteBandwidthMax = "${meilisearch.ioLimitDevice} 20M"; + # iostat -dx 1 + IOReadIOPSMax = "${meilisearch.ioLimitDevice} 100"; + IOWriteIOPSMax = "${meilisearch.ioLimitDevice} 100"; + } else {}); + }; + }) + (inputs.localLib.attrsToList meilisearch.instances)); + tmpfiles.rules = builtins.concatLists (builtins.map + (instance: + let + user = instance.value.user; + group = inputs.config.users.users.${instance.value.user}.group; + dir = "/var/lib/meilisearch/${instance.name}"; + in + [ "d ${dir} 0700 ${user} ${group}" "Z ${dir} - ${user} ${group}" ]) + (inputs.localLib.attrsToList meilisearch.instances)); }; + sops = + { + templates = builtins.listToAttrs (builtins.map + (instance: + { + name = "meilisearch-${instance.name}.toml"; + value = + { + content = + '' + db_path = "/var/lib/meilisearch/${instance.name}" + http_addr = "0.0.0.0:${builtins.toString instance.value.port}" + master_key = "${inputs.config.sops.placeholder."meilisearch/${instance.name}"}" + env = "production" + dump_dir = "/var/lib/meilisearch/${instance.name}/dumps" + log_level = "INFO" + max_indexing_memory = "16Gb" + max_indexing_threads = 1 + ''; + owner = instance.value.user; + }; + }) + (inputs.localLib.attrsToList meilisearch.instances)); + secrets = builtins.listToAttrs (builtins.map + (instance: { name = "meilisearch/${instance.name}"; value = {}; }) + (inputs.localLib.attrsToList meilisearch.instances)); + }; + environment.persistence = + let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable + { "${impermanence.nodatacow}".directories = [ "/var/lib/meilisearch" ]; }; + }; } diff --git a/modules/services/misskey.nix b/modules/services/misskey.nix index 99e7ab89..78d0cf7d 100644 --- a/modules/services/misskey.nix +++ b/modules/services/misskey.nix 
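Review bot: The sops template in the meilisearch.nix hunk still writes `http_addr = "0.0.0.0:${builtins.toString instance.value.port}"`, so every instance listens on all interfaces and only the master key (plus whatever firewall policy exists outside this diff) separates the network from the index. The only consumer visible in this commit is the misskey module, which declares its instances in the same host configuration, so loopback looks like the safer default: `http_addr = "127.0.0.1:${builtins.toString instance.value.port}"`, with a per-instance listen-address option if a remote client is ever needed. Separately, `LimitCORE = "infinity"` together with `-Cpanic=abort` means a panic can leave a core image of a process that holds the master key in memory; `LimitCORE = 0;` avoids that unless the dumps are actually collected and access-controlled.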
@@ -142,9 +142,9 @@ inputs: postgresql.instances = listToAttrs (map (instance: { name = "misskey_${replaceStrings [ "-" ] [ "_" ] instance.name}"; value = {}; }) (attrsToList misskey.instances)); - meilisearch = + meilisearch.instances = let instances = filter (instance: instance.value.meilisearch.enable) (attrsToList misskey.instances); - in mkIf (instances != []) { instances = listToAttrs (map + in listToAttrs (map (instance: { name = "misskey-${instance.name}"; @@ -154,7 +154,7 @@ inputs: port = instance.value.meilisearch.port; }; }) - instances); }; + instances); nginx = { enable = mkIf (misskey.instances != {}) true; diff --git a/modules/system/impermanence.nix b/modules/system/impermanence.nix index 16e49bfd..45b2dbe1 100644 --- a/modules/system/impermanence.nix +++ b/modules/system/impermanence.nix @@ -63,7 +63,6 @@ inputs: hideMounts = true; directories = [{ directory = "/var/log/journal"; user = "root"; group = "systemd-journal"; mode = "u=rwx,g=rx+s,o=rx"; }] - ++ (if inputs.config.nixos.services.meilisearch.instances != {} then [ "/var/lib/meilisearch" ] else []) ++ ( if inputs.config.nixos.virtualization.kvmHost.enable then [{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]