forked from axeman/erpnext-nix
module: fix DNS by adding resolv.conf, ssl dirs to
BindReadOnlyPaths This should fix temporary name resolution errors observed in erpnext. Minor cleanup and explanatory comment for confinement.packages We don't use pkgs from path, but prefer explicitly referring to pkgs
This commit is contained in:
parent
5519e0d6fe
commit
ceb04d96de
|
@ -212,6 +212,9 @@ in
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
BindReadOnlyPaths = [
|
BindReadOnlyPaths = [
|
||||||
"/etc/hosts:/etc/hosts"
|
"/etc/hosts:/etc/hosts"
|
||||||
|
"/etc/resolv.conf:/etc/resolv.conf"
|
||||||
|
"/etc/ssl:/etc/ssl"
|
||||||
|
"/etc/static/ssl:/etc/static/ssl"
|
||||||
"/run/agenix:/run/agenix"
|
"/run/agenix:/run/agenix"
|
||||||
"${pkgs.frappe-app}:${pkgs.frappe-app}"
|
"${pkgs.frappe-app}:${pkgs.frappe-app}"
|
||||||
"${pkgs.frappe-app}/share/apps/frappe:${cfg.benchDir}/apps/frappe"
|
"${pkgs.frappe-app}/share/apps/frappe:${cfg.benchDir}/apps/frappe"
|
||||||
|
@ -330,12 +333,20 @@ in
|
||||||
description = "ERPNext web server";
|
description = "ERPNext web server";
|
||||||
confinement = {
|
confinement = {
|
||||||
enable = true;
|
enable = true;
|
||||||
packages = [ pkgs.mariadb-client penv ];
|
# pkgs listed here get added to the services' BindReadOnlyPaths
|
||||||
|
# The same is true for pkgs referred to in ExecStartPre, ExecStart, etc.
|
||||||
|
# Explicitily listing these pkgs here for visibility
|
||||||
|
packages = [
|
||||||
|
penv
|
||||||
|
pkgs.coreutils
|
||||||
|
# Dependency for 'bench new-site' subcommand
|
||||||
|
pkgs.mariadb-client
|
||||||
|
pkgs.replace-secret
|
||||||
|
];
|
||||||
};
|
};
|
||||||
environment = {
|
environment = {
|
||||||
PYTHON_PATH = "${penv}/${pkgs.python3.sitePackages}";
|
PYTHON_PATH = "${penv}/${pkgs.python3.sitePackages}";
|
||||||
};
|
};
|
||||||
path = [ pkgs.mariadb-client penv pkgs.coreutils ];
|
|
||||||
serviceConfig = defaultServiceConfig // {
|
serviceConfig = defaultServiceConfig // {
|
||||||
TimeoutStartSec = "300s";
|
TimeoutStartSec = "300s";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
Loading…
Reference in a new issue