Proxy requests to nidus through systemd socket

This should make zero-downtime deployments far more feasible
and avoid crash reports for expiring contexts in Glitchtip.
Eli Ribble 2026-04-29 05:00:38 +00:00
parent 502705df4f
commit d89d9b318c
No known key found for this signature in database
3 changed files with 22 additions and 11 deletions

8
flake.lock generated

@ -333,17 +333,17 @@
"proj": "proj"
},
"locked": {
"lastModified": 1777390215,
"narHash": "sha256-Efmg2+ssZNVwc7UOIqjMWR2rzQ7FCms6uoqBwDxeD80=",
"lastModified": 1777418659,
"narHash": "sha256-kxrsCfoRc6pc45t9P4np6HjPNx3a6A7KZclsL0g/aWE=",
"owner": "Gleipnir-Technology",
"repo": "nidus-sync",
"rev": "20bf272746b78147f1a1608610a660f45407c43c",
"rev": "f3af19f03a2b839cbf534234738b3f1bd6535f7d",
"type": "github"
},
"original": {
"owner": "Gleipnir-Technology",
"repo": "nidus-sync",
"rev": "20bf272746b78147f1a1608610a660f45407c43c",
"rev": "f3af19f03a2b839cbf534234738b3f1bd6535f7d",
"type": "github"
}
},


@ -24,7 +24,7 @@
type = "github";
owner = "Gleipnir-Technology";
repo = "nidus-sync";
rev = "20bf272746b78147f1a1608610a660f45407c43c";
rev = "f3af19f03a2b839cbf534234738b3f1bd6535f7d";
};
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";


@ -9,6 +9,8 @@ let
dataDirectoryString = "/mnt/bigdisk/nidus-sync";
group = nidusName;
nidusName = "nidus-sync";
nidusNameSocket = "${nidusName}";
nidusNameWebserver = "${nidusName}-webserver";
nidus-sync-pkg = inputs.nidus-sync.packages.x86_64-linux.default;
port = 10000;
secretsName = "${nidusName}-env";
@ -96,17 +98,17 @@ in {
group = "${group}";
mode = "0440";
owner = "${user}";
restartUnits = ["${nidusName}-webserver.service"];
restartUnits = ["${nidusNameWebserver}.service"];
sopsFile = ../../secrets/${cfg.environment}/${nidusName}.env;
};
systemd.services."${nidusName}-webserver" = {
after=["network.target" "network-online.target"];
systemd.services."${nidusNameWebserver}" = {
after=["${nidusNameSocket}.socket" "network.target"];
description="Nidus Sync Webserver";
path = with pkgs; [
ffmpeg
google-chrome
];
requires=["network-online.target"];
requires=["${nidusNameSocket}.socket"];
serviceConfig = {
Group = "${group}";
Environment=[
@ -115,15 +117,24 @@ in {
];
EnvironmentFile="${environmentFile}";
ExecStart = "${nidus-sync-pkg}/bin/nidus-sync";
KillMode = "mixed"; # SIGTERM to main process, SIGKILL to process group after timeout
KillSignal = "SIGTERM";
PrivateTmp = true;
Restart = "on-failure";
StateDirectory = "nidus-sync"; # Creates /var/lib/nidus-sync
TimeoutStopSec = "5s";
TimeoutStopSec = 30;
Type = "simple";
User = "${user}";
WorkingDirectory = "/var/lib/nidus-sync";
};
wantedBy = ["multi-user.target"];
};
systemd.sockets."${nidusNameSocket}" = {
listenStreams = [ "${toString port}" ];
socketConfig = {
BindIPv6Only = "both";
Service = "${nidusNameWebserver}.service";
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.rules = [
"d ${dataDirectoryString} 0755 ${nidusName} ${nidusName}"
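Review bot: The new `systemd.sockets."${nidusNameSocket}"` unit listens on every interface, because `listenStreams = [ "${toString port}" ];` hands systemd a bare port and `BindIPv6Only = "both"` makes that wildcard bind cover IPv4 as well as IPv6. If nidus-sync is only meant to be reached through a reverse proxy on the same host, bind loopback instead, e.g. `listenStreams = [ "127.0.0.1:${toString port}" ];`; if it is meant to be reachable directly, a comment saying so and naming the firewall rule that scopes it would help. The service also no longer orders after or requires `network-online.target`, so if nidus-sync makes outbound connections during startup that ordering may still be wanted alongside the socket dependency. The `+`/`-` markers are lost on this page, so which lines of the service block were removed is partly inferred, and the `systemd.tmpfiles.rules` list continues outside the hunk.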