Commit 212c34f8 authored by Marie Ramlow's avatar Marie Ramlow
Browse files

nixos/miniflux: use systemd notify and watchdog 

Miniflux supports notifying systemd when it's ready.
It also supports the systemd watchdog, which will restart miniflux when it's stuck.
parent 73cb87fe

nixos/modules/services/web-apps/miniflux.nix

+11 −4
Original line number Diff line number Diff line 
{ config, lib, pkgs, ... }:



with lib;

let

  inherit (lib) mkEnableOption mkPackageOption mkOption types literalExpression mkIf mkDefault;

  cfg = config.services.miniflux;



  defaultAddress = "localhost:8080";
@@ -20,8 +20,8 @@ in 


      package = mkPackageOption pkgs "miniflux" { };



      createDatabaseLocally = lib.mkOption {

        type = lib.types.bool;

      createDatabaseLocally = mkOption {

        type = types.bool;

        default = true;

        description = ''

          Whether a PostgreSQL database should be automatically created and
@@ -66,6 +66,7 @@ in 
      DATABASE_URL = lib.mkIf cfg.createDatabaseLocally "user=miniflux host=/run/postgresql dbname=miniflux";

      RUN_MIGRATIONS = 1;

      CREATE_ADMIN = 1;

      WATCHDOG = 1;

    };



    services.postgresql = lib.mkIf cfg.createDatabaseLocally {
@@ -96,12 +97,18 @@ in 
        ++ lib.optionals cfg.createDatabaseLocally [ "postgresql.service" "miniflux-dbsetup.service" ];



      serviceConfig = {

        ExecStart = "${cfg.package}/bin/miniflux";

        Type = "notify";

        ExecStart = lib.getExe cfg.package;

        User = "miniflux";

        DynamicUser = true;

        RuntimeDirectory = "miniflux";

        RuntimeDirectoryMode = "0750";

        EnvironmentFile = cfg.adminCredentialsFile;

        WatchdogSec = 60;

        WatchdogSignal = "SIGKILL";

        Restart = "always";

        RestartSec = 5;



        # Hardening

        CapabilityBoundingSet = [ "" ];

        DeviceAllow = [ "" ];