From ace8ac1495b6b705a950bf422dc73063262a78ab Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Wed, 14 Sep 2022 13:48:19 +0000
Subject: [PATCH] Make systemd provide a socket to the tahoe web service

refs #122
---
 nixos/modules/private-storage.nix | 2 +-
 nixos/modules/tahoe.nix | 25 ++++++++++++++-----------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/nixos/modules/private-storage.nix b/nixos/modules/private-storage.nix
index c620e2fb..7b7892cd 100644
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -121,7 +121,7 @@ in
 # access to any data. It does grant access to storage capabilities
 # but with our plugin configuration you still need ZKAPs to use
 # those...
- "web.port" = "tcp:3456:interface=127.0.0.1";
+ "web.port" = "systemd:domain=INET:index=0";
 # We have to tell Tahoe-LAFS where to listen for Foolscap
 # connections for the storage protocol. We have to tell it twice.
 # First, in the syntax which it uses to listen.
diff --git a/nixos/modules/tahoe.nix b/nixos/modules/tahoe.nix
index 17641c47..e1153ec8 100644
--- a/nixos/modules/tahoe.nix
+++ b/nixos/modules/tahoe.nix
@@ -116,15 +116,6 @@ in
 # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.introducers
 # (node: settings: settings.tub.port);
 
- # Make systemd open a port for us:
- systemd.sockets.tahoe-web = {
- description = "Tahoe Web Server Socket";
- wantedBy = [ "sockets.target" ];
- before = [ "multi-user.target" ];
- socketConfig.Accept = true;
- socketConfig.ListenStream = settings.tub.port;
- };
-
 systemd.services = flip mapAttrs' cfg.introducers (node: settings:
 let
 pidfile = "/run/tahoe.introducer-${node}.pid";
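Review bot: `"web.port" = "systemd:domain=INET:index=0"` leaves this file silent about where the web API listens; the loopback restriction that the old `tcp:3456:interface=127.0.0.1` value carried now lives entirely in whichever systemd socket unit hands fd 0 to the service, while the comment above still reads as if the binding were decided here. Because the web API grants storage capabilities (as that comment itself notes), the requirement should be visible to a reader of this file: `# The listening address is now decided by the systemd socket unit that activates this service (see tahoe.nix); it must stay bound to 127.0.0.1, and index=0 assumes that unit passes exactly one socket.` If the service is ever started without its socket, Twisted's systemd endpoint finds no inherited fd and the web API presumably fails at `tahoe run` time rather than at build time, which is worth stating next to this line.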
@@ -140,8 +131,6 @@ in
 serviceConfig = {
 Type = "simple";
 PIDFile = pidfile;
- Twisted wants non-blocking sockets:
- NonBlocking = true;
 # Believe it or not, Tahoe is very brittle about the order of
 # arguments to $(tahoe run). The node directory must come first,
 # and arguments which alter Twisted's behavior come afterwards.
@@ -194,6 +183,18 @@ in
 # Open up the firewall.
 # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.nodes
 # (node: settings: settings.tub.port);
+
+ # Make systemd open a port for us:
+ # Systemd uses the socket name to link to the corresponding Service Unit.
+ systemd.sockets."tahoe.storage" = {
+ description = "Tahoe Web Server Socket";
+ wantedBy = [ "sockets.target" ];
+ before = [ "multi-user.target" ];
+ socketConfig = {
+ ListenStream = "127.0.0.1:3456";
+ };
+ };
+
 systemd.services = flip mapAttrs' cfg.nodes (node: settings:
 let
 pidfile = "/run/tahoe.${lib.escapeShellArg node}.pid";
@@ -216,6 +217,8 @@ in
 ExecStart = ''
 ${settings.package}/bin/tahoe --eliot-destination ${eliotLog} run ${nodedir} -n -l- --pidfile=${pidfile}
 '';
+ # Twisted wants non-blocking sockets:
+ NonBlocking = true;
 # The rlimit on number of open files controls how many
 # connections a particular storage server can accept (factoring
 # in the number of non-connection files the server needs open
- -- GitLab
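Review bot: The socket is declared once under the fixed name `"tahoe.storage"`, but the services it has to pair with are generated per node by the `mapAttrs'` over `cfg.nodes` right below it (the pidfile `/run/tahoe.${node}.pid` suggests those units are named `tahoe.<node>`); since systemd pairs a socket with the service of the same name, exactly as the new comment says, only a node literally called `storage` will ever receive the fd, and any other node configured with `web.port = systemd:...` starts without one. I would generate the socket inside the same per-node mapping so the pairing holds for every node, with the port taken from per-node settings rather than `3456` if more than one node can live on a host. The `ListenStream = "127.0.0.1:3456"` loopback bind is now the only thing keeping the web API, which hands out storage capabilities, off the network, so it deserves a comment saying it must not be widened. Both `mapAttrs'` bodies run past the hunk, so the unit names above are inferred, not read.
```nix
# Make systemd open the web API port for each node. systemd pairs a
# socket with the service of the same name, so generate one socket per
# node next to its service instead of declaring a single fixed name.
systemd.sockets = flip mapAttrs' cfg.nodes (node: settings:
  lib.nameValuePair "tahoe.${node}" {
    description = "Tahoe-LAFS web API socket for node ${node}";
    wantedBy = [ "sockets.target" ];
    before = [ "multi-user.target" ];
    # Loopback only: the web API hands out storage capabilities, so this
    # bind address must never be widened. The port would have to come
    # from per-node settings if several nodes share one host.
    socketConfig.ListenStream = "127.0.0.1:3456";
  });
# … unchanged: systemd.services = flip mapAttrs' cfg.nodes (node: settings: … …
```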
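Review bot: `NonBlocking = true` is the right setting for the fd Twisted now inherits, but nothing visible in the service unit ties it to the socket it inherits from, so a manual `systemctl start` or `restart` of the service while its socket is stopped would presumably launch Tahoe with nothing at `index=0` and the web API would not come up. I would add an explicit unit-level dependency (outside `serviceConfig`, above this hunk) such as `requires = [ "tahoe.${node}.socket" ]; after = [ "tahoe.${node}.socket" ];`, using whatever name the socket unit actually has, so starting the service pulls in its socket. The new comment should also say why the flag is needed: `# The web API listens on the socket systemd passes in (web.port = systemd:...); Twisted requires that inherited fd to be non-blocking.` The enclosing service definition starts and ends outside this hunk.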