Make systemd provide a socket to the tahoe web service

refs #122

Make systemd provide a socket to the tahoe web service
ace8ac14 · Florian Sesser · 1247471c · ace8ac14 · ace8ac14
Commit ace8ac14 authored 2 years ago by Florian Sesser
--- a/nixos/modules/private-storage.nix
+++ b/nixos/modules/private-storage.nix
@@ -121,7 +121,7 @@ in
          # access to any data.  It does grant access to storage capabilities
          # but with our plugin configuration you still need ZKAPs to use
          # those...
-          "web.port" = "tcp:3456:interface=127.0.0.1";
+          "web.port" = "systemd:domain=INET:index=0";
          # We have to tell Tahoe-LAFS where to listen for Foolscap
          # connections for the storage protocol.  We have to tell it twice.
          # First, in the syntax which it uses to listen.

--- a/nixos/modules/tahoe.nix
+++ b/nixos/modules/tahoe.nix
@@ -116,15 +116,6 @@ in
        # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.introducers
        #   (node: settings: settings.tub.port);

-        # Make systemd open a port for us:
-        systemd.sockets.tahoe-web = {
-          description = "Tahoe Web Server Socket";
-          wantedBy = [ "sockets.target" ];
-          before = [ "multi-user.target" ];
-          socketConfig.Accept = true;
-          socketConfig.ListenStream = settings.tub.port;
-        };
-
        systemd.services = flip mapAttrs' cfg.introducers (node: settings:
          let
            pidfile = "/run/tahoe.introducer-${node}.pid";
@@ -140,8 +131,6 @@ in
            serviceConfig = {
              Type = "simple";
              PIDFile = pidfile;
-              Twisted wants non-blocking sockets:
-              NonBlocking = true;
              # Believe it or not, Tahoe is very brittle about the order of
              # arguments to $(tahoe run). The node directory must come first,
              # and arguments which alter Twisted's behavior come afterwards.
@@ -194,6 +183,18 @@ in
        # Open up the firewall.
        # networking.firewall.allowedTCPPorts = flip mapAttrsToList cfg.nodes
        #   (node: settings: settings.tub.port);
+
+        # Make systemd open a port for us:
+        # Systemd uses the socket name to link to the corresponding Service Unit.
+        systemd.sockets."tahoe.storage" = {
+          description = "Tahoe Web Server Socket";
+          wantedBy = [ "sockets.target" ];
+          before = [ "multi-user.target" ];
+          socketConfig = {
+            ListenStream = "127.0.0.1:3456";
+          };
+        };
+
        systemd.services = flip mapAttrs' cfg.nodes (node: settings:
          let
            pidfile = "/run/tahoe.${lib.escapeShellArg node}.pid";
@@ -216,6 +217,8 @@ in
              ExecStart = ''
                ${settings.package}/bin/tahoe --eliot-destination ${eliotLog} run ${nodedir} -n -l- --pidfile=${pidfile}
              '';
+              # Twisted wants non-blocking sockets:
+              NonBlocking = true;
              # The rlimit on number of open files controls how many
              # connections a particular storage server can accept (factoring
              # in the number of non-connection files the server needs open -