Diffstat (limited to 'service.nix')
-rw-r--r-- | service.nix | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/service.nix b/service.nix index e1ebe1c..9c93fe8 100644 --- a/service.nix +++ b/service.nix @@ -13,6 +13,11 @@ in description = "Domain under which lex-surf will be served."; }; + fetchUser = lib.mkOption { + type = lib.types.str; + description = "User account used to run lex-fetch."; + }; + enableACME = lib.mkOption { type = lib.types.bool; description = "Whether to generate certificates."; @@ -59,10 +64,43 @@ in environment = { SOCKET_PATH = socketPath; DOMAIN = cfg.domain; + LAWS_DIR = "/var/lib/lex-fetch"; }; wantedBy = ["multi-user.target"]; }; + systemd.services."lex-fetch@" = { + serviceConfig = { + ExecStart = "${lex_surf}/bin/lex-fetch %i /var/lib/lex-fetch/%i.json"; + User = cfg.fetchUser; + StateDirectory = "lex-fetch"; # creates /var/lib/lex-fetch + LogExtraFields = "LOG_FORMAT=logfmt"; + }; + + environment = { + SOCKET_PATH = socketPath; + }; + }; + + systemd.timers = + let + countries = lib.filter (name: lib.elem name ccTLDs) ( + builtins.attrNames (builtins.readDir ./lex-fetch) + ); + in + builtins.listToAttrs ( + map (country: { + name = "lex-fetch-${country}"; + value = { + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = "daily"; + Unit = "lex-fetch@${country}.service"; + }; + }; + }) countries + ); + security.acme.certs = lib.mkIf cfg.enableACME ( builtins.listToAttrs ( lib.imap0 (i: ccTLDs: { @@ -123,8 +161,8 @@ in recommendedProxySettings = true; }; locations."=/laws.json" = { - root = lex_surf; - tryFiles = "/laws/$cc.json =404"; + root = "/var/lib/lex-fetch"; + tryFiles = "/$cc.json =404"; extraConfig = '' gzip on; gzip_types *; |
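Review bot: The new `lex-fetch@` unit in the second hunk runs with no sandboxing beyond `User = cfg.fetchUser`, although the file it writes is what nginx later serves as `/laws.json` (last hunk). Judging by its name the program retrieves remote data, so confining it to its state directory limits what a misbehaving fetcher can touch; `StateDirectory` stays writable under `ProtectSystem = "strict"`. The `fetchUser` option in the first hunk accepts any string, including `root`, and nothing visible in this diff creates the account, so its description should state that a dedicated unprivileged user is expected. Check that the socket at `SOCKET_PATH` is still reachable with these settings before merging.

```nix
serviceConfig = {
  # … unchanged: ExecStart, User, StateDirectory, LogExtraFields …
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
```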
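Review bot: In the last hunk nginx serves `/$cc.json` straight out of the directory that `lex-fetch` writes into, so a fetch that is interrupted mid-write could leave a truncated file that is served until the next daily run. Whether lex-fetch writes to a temporary file and renames it into place is not visible from this diff; if it does not, that belongs in lex-fetch rather than here. The literal `/var/lib/lex-fetch` is also repeated in `root`, in `LAWS_DIR` and in `ExecStart` in the previous hunk, and must match `StateDirectory = "lex-fetch"`. Binding it once, e.g. `lawsDir = "/var/lib/lex-fetch";` in the `let` that precedes the `in` shown in the hunk headers, would keep those consumers in sync. The `locations` block continues past the end of the hunk.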