New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
arangodb: Add arangodb as a NixOS service #40167
Conversation
1a8aef7
to
ec2effc
Compare
921c16e
to
21f4f95
Compare
|
||
users.extraGroups.arangodb.gid = config.ids.gids.arangodb; | ||
|
||
environment.systemPackages = [ pkgs.arangodb ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You shouldn't need to add the arangodb
package system wide. See comment below...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, I have removed it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But if I remove it, I don't have access to arangosh and else by default
78455a6
to
8c9275f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But if I remove it, I don't have access to arangosh and else by default.
Correct.
NixOS service modules are only responsible for setting up systemd units. They don't need to install packages into the user environment (which is what environment.systemPackages = [ pkgs.arangodb ];
does) in order to perform this function.
If users want access to the arangosh administration utilities (such as arangosh
) then they should add the package to the user environment, just like they would any other package.
This maintains separation of concerns: services create systemd units and user environments set up $PATH
to make executables available to users.
''; | ||
|
||
script = '' | ||
exec arangod \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of exec arangod
you can do exec ${pkgs.arangodb}/bin/arangod
. That will pull in arangodb
as a dependency with no need for environment.systemPackages = [ pkgs.arangodb ];
If a user wants to use other binaries in the package (client tools perhaps), he/she can then add the package explicitly either system wide or through nix-env
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok thanks I will change this
This pull request has been mentioned on Nix community. There might be relevant details there: https://discourse.nixos.org/t/arangodb-installation-and-how-to/2105/3 |
@babariviere Do you have motivation to continue with this PR? |
I will finish it, but I cannot test it for now. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please let me know if you need any clarification on my comments or help in general with the module. Seems to be sought after in NixOS so thanks for tackling 👍
You mentioned testing... a NixOS test would be very valuable to have so are you able to write one?
@@ -340,6 +340,7 @@ | |||
cockroachdb = 313; | |||
zoneminder = 314; | |||
paperless = 315; | |||
arangodb = 316; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does the service actually require a predefined uid
and gid
? Often times you can get away without.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah chance is very high that this isn't needed, cc #65698
services.arangodb = { | ||
enable = mkEnableOption "ArangoDB server"; | ||
|
||
dataDir = mkOption { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are some nice features of systemd
you can take advantage of if you hardcode this directory to something like /var/lib/arangodb
, such as StateDirectory
.
By no means is this a requirement, but recently I'm asking people to question if they actually provide value to users in adding this option. Sometimes the answer is yes, sometimes no. Up to you to decide.
serviceConfig = { | ||
User = "arangodb"; | ||
Group = "arangodb"; | ||
PermissionsStartOnly = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is deprecated so please do not use. Your best alternatives are either hard coding the database.directory
/dataDir
to something like /var/lib/arangodb
or user systemd.tmpfiles.rules
.
See #56265 (comment) for some discussion on the topic.
|
||
after = [ "network.target" ]; | ||
|
||
preStart = '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be removed. See my comments below about PermissionsStartOnly
.
exec ${pkgs.arangodb}/bin/arangod \ | ||
--database.directory ${cfg.dataDir} \ | ||
--javascript.app-path ${cfg.dataDir} \ | ||
--log.file ${cfg.dataDir}/arangodb.log \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a way to redirect output to standard system log (journald
) as this is the standard in NixOS and preferred.
If there is no way to redirect output to journald
instead of a log file does arangodb
automatically rotate this log file?
@volth Weren't you working on a service for this too? |
Motivation for this change
For the same reason of this pull request: #31880
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)