# NixOS module: enables Meilisearch and runs JellySearch as a systemd service
# next to it. Both receive the same agenix-managed environment file.
{
  inputs,
  config,
  pkgs,
  ...
}:

let
  # agenix secret name; also the relative path of the encrypted file inside
  # the `secrets` flake input.
  envSecret = "files/services/meilisearch/envfile";

  # Location of the decrypted secret on the host.
  envFilePath = config.age.secrets.${envSecret}.path;
in
{
  age.secrets.${envSecret}.file = "${inputs.secrets}/${envSecret}.age";

  services.meilisearch = {
    enable = true;
    package = pkgs.meilisearch;
    masterKeyEnvironmentFile = envFilePath;
  };

  users = {
    groups.jellysearch = { };
    users.jellysearch = {
      isSystemUser = true;
      group = "jellysearch";
    };
  };

  systemd.services.jellysearch = {
    enable = true;
    description = "JellySearch";
    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];

    environment = {
      DOTNET_ENVIRONMENT = "Production";
      # Presumably a Quartz-style schedule (every two hours) - confirm
      # against the JellySearch documentation.
      INDEX_CRON = "0 0 0/2 ? * * *";
      # Both backends are addressed over plain HTTP on localhost.
      JELLYFIN_URL = "http://localhost:8096";
      JELLYFIN_CONFIG_DIR = toString config.services.jellyfin.dataDir;
      MEILI_URL = "http://localhost:${toString config.services.meilisearch.listenPort}";
    };

    serviceConfig = {
      ExecStart = "${pkgs.jellysearch}/bin/jellysearch";
      Restart = "on-failure";

      # NOTE(review): a `jellysearch` user and group are declared in this
      # module, but neither `User` nor `Group` is set here, so as written the
      # unit does not run under that account. Confirm whether this is
      # deliberate (e.g. to read JELLYFIN_CONFIG_DIR) or an omission; setting
      # them would also require read access to the Jellyfin data directory.

      # systemd creates /var/lib/jellysearch for StateDirectory; the service
      # also uses it as its working directory.
      StateDirectory = "jellysearch";
      StateDirectoryMode = "0750";
      WorkingDirectory = "/var/lib/jellysearch";

      # NOTE(review): this is the same file Meilisearch reads through
      # masterKeyEnvironmentFile, so JellySearch presumably receives the
      # master key. A separate secret holding a scoped API key would be
      # narrower - confirm what JellySearch supports.
      EnvironmentFile = envFilePath;

      # Sandboxing. Filesystem restrictions such as ProtectSystem,
      # ProtectHome and PrivateTmp are not set in this unit;
      # `systemd-analyze security jellysearch.service` reports what remains
      # exposed. Test any addition against the service's reads of
      # JELLYFIN_CONFIG_DIR.
      NoNewPrivileges = true;
      RestrictSUIDSGID = true;
      RestrictRealtime = true;
      LockPersonality = true;
      SystemCallArchitectures = "native";
      ProtectHostname = true;
      PrivateDevices = true;
      PrivateUsers = true;
      RemoveIPC = true;
    };
  };
}