nixos/unifi: refactor mountpoints

Use service-internal bind mounts instead of global ones.

This also moves the logs to /var/log/unifi on the host
and the run directory to /run/unifi.

Closes #61424

authored by

Pascal Bach and committed by
Kerstin
0f60c45e 79ea7aa9

+64 -54
+33
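--- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
@@ -1817,6 +1817,39 @@
         </listitem>
       </itemizedlist>
     </listitem>
+    <listitem>
+      <para>
+        The
+        <link xlink:href="options.html#opt-services.unifi.enable">services.unifi</link>
+        module has been reworked, solving a number of issues. This
+        leads to several user facing changes:
+      </para>
+      <itemizedlist spacing="compact">
+        <listitem>
+          <para>
+            The <literal>services.unifi.dataDir</literal> option is
+            removed and the data is now always located under
+            <literal>/var/lib/unifi/data</literal>. This is done to
+            make better use of systemd state direcotiry and thus
+            making the service restart more reliable.
+          </para>
+        </listitem>
+        <listitem>
+          <para>
+            The unifi logs can now be found under:
+            <literal>/var/log/unifi</literal> instead of
+            <literal>/var/lib/unifi/logs</literal>.
+          </para>
+        </listitem>
+        <listitem>
+          <para>
+            The unifi run directory can now be found under:
+            <literal>/run/unifi</literal> instead of
+            <literal>/var/lib/unifi/run</literal>.
+          </para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
   </itemizedlist>
 </section>
 </section>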
+5
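--- a/nixos/doc/manual/release-notes/rl-2111.section.md
+++ b/nixos/doc/manual/release-notes/rl-2111.section.md
@@ -509,3 +509,8 @@
 - Dokuwiki now supports caddy! However
   - the nginx option has been removed, in the new configuration, please use the `dokuwiki.webserver = "nginx"` instead.
   - The "${hostname}" option has been deprecated, please use `dokuwiki.sites = [ "${hostname}" ]` instead
+
+- The [services.unifi](options.html#opt-services.unifi.enable) module has been reworked, solving a number of issues. This leads to several user facing changes:
+  - The `services.unifi.dataDir` option is removed and the data is now always located under `/var/lib/unifi/data`. This is done to make better use of systemd state direcotiry and thus making the service restart more reliable.
+  - The unifi logs can now be found under: `/var/log/unifi` instead of `/var/lib/unifi/logs`.
+  - The unifi run directory can now be found under: `/run/unifi` instead of `/var/lib/unifi/run`.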
+26 -54
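--- a/nixos/modules/services/networking/unifi.nix
+++ b/nixos/modules/services/networking/unifi.nix
@@ -9,25 +9,6 @@
     ${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \
     -jar ${stateDir}/lib/ace.jar
   '';
-  mountPoints = [
-    {
-      what = "${cfg.unifiPackage}/dl";
-      where = "${stateDir}/dl";
-    }
-    {
-      what = "${cfg.unifiPackage}/lib";
-      where = "${stateDir}/lib";
-    }
-    {
-      what = "${cfg.mongodbPackage}/bin";
-      where = "${stateDir}/bin";
-    }
-    {
-      what = "${cfg.dataDir}";
-      where = "${stateDir}/data";
-    }
-  ];
-  systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;
 in
 {
 
@@ -68,16 +49,6 @@
     '';
   };
 
-  services.unifi.dataDir = mkOption {
-    type = types.str;
-    default = "${stateDir}/data";
-    description = ''
-      Where to store the database and other data.
-
-      This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
-    '';
-  };
-
   services.unifi.openPorts = mkOption {
     type = types.bool;
     default = true;
@@ -136,32 +107,11 @@
     ];
   };
 
-  # We must create the binary directories as bind mounts instead of symlinks
-  # This is because the controller resolves all symlinks to absolute paths
-  # to be used as the working directory.
-  systemd.mounts = map ({ what, where }: {
-    bindsTo = [ "unifi.service" ];
-    partOf = [ "unifi.service" ];
-    unitConfig.RequiresMountsFor = stateDir;
-    options = "bind";
-    what = what;
-    where = where;
-  }) mountPoints;
-
-  systemd.tmpfiles.rules = [
-    "d '${stateDir}' 0700 unifi - - -"
-    "d '${stateDir}/data' 0700 unifi - - -"
-    "d '${stateDir}/webapps' 0700 unifi - - -"
-    "L+ '${stateDir}/webapps/ROOT' - - - - ${cfg.unifiPackage}/webapps/ROOT"
-  ];
-
   systemd.services.unifi = {
     description = "UniFi controller daemon";
     wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ] ++ systemdMountPoints;
-    partOf = systemdMountPoints;
-    bindsTo = systemdMountPoints;
-    unitConfig.RequiresMountsFor = stateDir;
+    after = [ "network.target" ];
+
     # This a HACK to fix missing dependencies of dynamic libs extracted from jars
     environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib";
     # Make sure package upgrades trigger a service restart
@@ -209,8 +159,27 @@
       SystemCallErrorNumber = "EPERM";
       SystemCallFilter = [ "@system-service" ];
 
-      # Required for ProtectSystem=strict
-      BindPaths = [ stateDir ];
+      StateDirectory = "unifi";
+      RuntimeDirectory = "unifi";
+      LogsDirectory = "unifi";
+      CacheDirectory= "unifi";
+
+      TemporaryFileSystem = [
+        # required as we want to create bind mounts below
+        "${stateDir}/webapps:rw"
+      ];
+
+      # We must create the binary directories as bind mounts instead of symlinks
+      # This is because the controller resolves all symlinks to absolute paths
+      # to be used as the working directory.
+      BindPaths = [
+        "/var/log/unifi:${stateDir}/logs"
+        "/run/unifi:${stateDir}/run"
+        "${cfg.unifiPackage}/dl:${stateDir}/dl"
+        "${cfg.unifiPackage}/lib:${stateDir}/lib"
+        "${cfg.mongodbPackage}/bin:${stateDir}/bin"
+        "${cfg.unifiPackage}/webapps/ROOT:${stateDir}/webapps/ROOT"
+      ];
 
       # Needs network access
       PrivateNetwork = false;
@@ -220,6 +189,9 @@
     };
 
   };
+  imports = [
+    (mkRemovedOptionModule [ "services" "unifi" "dataDir" ] "You should move contents of dataDir to /var/lib/unifi/data" )
+  ];
 
   meta.maintainers = with lib.maintainers; [ erictapen pennae ];
 }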
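Review bot: The directory permissions are silently relaxed: the removed tmpfiles rules created `${stateDir}` and `${stateDir}/data` as `0700 unifi`, but the `StateDirectory = "unifi";` that replaces them (fourth hunk, after `SystemCallFilter`) takes systemd's default directory mode of 0755, so `/var/lib/unifi` — which the removed `dataDir` option described as holding "the database and other data" — becomes traversable by every local user. Add `StateDirectoryMode = "0700";` next to `StateDirectory`, and consider the matching `LogsDirectoryMode`/`CacheDirectoryMode` settings so the old explicit restriction is not lost for the new `/var/log/unifi` and cache locations either. Whether systemd corrects the mode of an already-existing `/var/lib/unifi` on upgraded hosts is worth verifying rather than assumed. Separately, `CacheDirectory= "unifi";` lacks the space before `=` that its neighbours have. The enclosing `serviceConfig` attribute set starts and ends outside the hunks.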