generate gunicorn.conf.py

2021-01-30 23:09:53 +01:00 · 2021-01-30 23:09:53 +01:00 · d3f1c04e72
parent ce44d19168
commit d3f1c04e72
1 changed files with 17 additions and 1 deletions
--- a/mod-seafile-server.nix
+++ b/mod-seafile-server.nix
@ -6,6 +6,20 @@ let
    (generators.toINI {} cfg.seafileSettings);
  ccnetConfigFile = pkgs.writeText "ccnet.conf"
    (generators.toINI {} cfg.ccnetSettings);
+  gunicornConfigFile = pkgs.writeText "gunicorn.conf.py"
+    ''
+      import os
+      daemon = True
+      workers = 5
+      # default localhost:8000
+      bind = "127.0.0.1:8000"
+      # Pid
+      pids_dir = '${cfg.storagePath}/pids'
+      pidfile = os.path.join(pids_dir, 'seahub.pid')
+      # for file upload, we need a longer timeout value (default is only 30s, too short)
+      timeout = 1200
+      limit_request_line = 8190
+    '';
  # fix permissions at start
 in
  {
@ -249,7 +263,7 @@ in
          tmpfiles.rules = [
            "d ${cfg.storagePath} 0750 ${cfg.user} ${cfg.group} -"
            "d ${cfg.storagePath}/conf 0700 ${cfg.user} ${cfg.group} -"
-            "d ${cfg.storagePath}/home 0710 ${cfg.user} ${cfg.group} -"
+            "d ${cfg.storagePath}/pids 0710 ${cfg.user} ${cfg.group} -"
          ];
          services.seafile-server = {

@ -272,7 +286,9 @@ in
                # move config templates from nix store
                cp ${ccnetConfigFile} ./conf/ccnet.conf
                cp ${seafileConfigFile} ./conf/seafile.conf
+                cp ${gunicornConfigFile} ./conf/gunicorn.conf.py
                # replace placeholder secrets with real secret read from file
+                #TODO: unset -x to prevent DBPASS from being leaked in journal
                ${if !(isNull cfg.db.passwordFile) then ''
                  DBPASS="$(head -n1 ${toString cfg.db.passwordFile})"
                  sed -e "s,#dbpass#,$DBPASS,g" -i ./conf/seafile.conf ./conf/ccnet.conf