diff --git a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml index 329ea1409c9a..543f3d619804 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2111.section.xml @@ -1817,6 +1817,39 @@ Superuser created successfully. + + + The + services.unifi + module has been reworked, solving a number of issues. This + leads to several user facing changes: + + + + + The services.unifi.dataDir option is + removed and the data is now always located under + /var/lib/unifi/data. This is done to + make better use of systemd state direcotiry and thus + making the service restart more reliable. + + + + + The unifi logs can now be found under: + /var/log/unifi instead of + /var/lib/unifi/logs. + + + + + The unifi run directory can now be found under: + /run/unifi instead of + /var/lib/unifi/run. + + + + diff --git a/nixos/doc/manual/release-notes/rl-2111.section.md b/nixos/doc/manual/release-notes/rl-2111.section.md index 17f01d15b6fd..76e7f458d478 100644 --- a/nixos/doc/manual/release-notes/rl-2111.section.md +++ b/nixos/doc/manual/release-notes/rl-2111.section.md 
@@ -509,3 +509,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Dokuwiki now supports caddy! However - the nginx option has been removed, in the new configuration, please use the `dokuwiki.webserver = "nginx"` instead. - The "${hostname}" option has been deprecated, please use `dokuwiki.sites = [ "${hostname}" ]` instead + +- The [services.unifi](options.html#opt-services.unifi.enable) module has been reworked, solving a number of issues. This leads to several user facing changes: + - The `services.unifi.dataDir` option is removed and the data is now always located under `/var/lib/unifi/data`. This is done to make better use of systemd state direcotiry and thus making the service restart more reliable. + - The unifi logs can now be found under: `/var/log/unifi` instead of `/var/lib/unifi/logs`. + - The unifi run directory can now be found under: `/run/unifi` instead of `/var/lib/unifi/run`. diff --git a/nixos/modules/services/networking/unifi.nix b/nixos/modules/services/networking/unifi.nix index caf89c84397f..53ad4df477fc 100644 --- a/nixos/modules/services/networking/unifi.nix +++ b/nixos/modules/services/networking/unifi.nix @@ -9,25 +9,6 @@ let ${optionalString (cfg.maximumJavaHeapSize != null) "-Xmx${(toString cfg.maximumJavaHeapSize)}m"} \ -jar ${stateDir}/lib/ace.jar ''; - mountPoints = [ - { - what = "${cfg.unifiPackage}/dl"; - where = "${stateDir}/dl"; - } - { - what = "${cfg.unifiPackage}/lib"; - where = "${stateDir}/lib"; - } - { - what = "${cfg.mongodbPackage}/bin"; - where = "${stateDir}/bin"; - } - { - what = "${cfg.dataDir}"; - where = "${stateDir}/data"; - } - ]; - systemdMountPoints = map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints; in { 
@@ -68,16 +49,6 @@ in ''; }; - services.unifi.dataDir = mkOption { - type = types.str; - default = "${stateDir}/data"; - description = '' - Where to store the database and other data. - - This directory will be bind-mounted to ${stateDir}/data as part of the service startup. - ''; - }; - services.unifi.openPorts = mkOption { type = types.bool; default = true; @@ -136,32 +107,11 @@ in ]; }; - # We must create the binary directories as bind mounts instead of symlinks - # This is because the controller resolves all symlinks to absolute paths - # to be used as the working directory. - systemd.mounts = map ({ what, where }: { - bindsTo = [ "unifi.service" ]; - partOf = [ "unifi.service" ]; - unitConfig.RequiresMountsFor = stateDir; - options = "bind"; - what = what; - where = where; - }) mountPoints; - - systemd.tmpfiles.rules = [ - "d '${stateDir}' 0700 unifi - - -" - "d '${stateDir}/data' 0700 unifi - - -" - "d '${stateDir}/webapps' 0700 unifi - - -" - "L+ '${stateDir}/webapps/ROOT' - - - - ${cfg.unifiPackage}/webapps/ROOT" - ]; - systemd.services.unifi = { description = "UniFi controller daemon"; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ] ++ systemdMountPoints; - partOf = systemdMountPoints; - bindsTo = systemdMountPoints; - unitConfig.RequiresMountsFor = stateDir; + after = [ "network.target" ]; + # This a HACK to fix missing dependencies of dynamic libs extracted from jars environment.LD_LIBRARY_PATH = with pkgs.stdenv; "${cc.cc.lib}/lib"; # Make sure package upgrades trigger a service restart 
@@ -209,8 +159,27 @@ in SystemCallErrorNumber = "EPERM"; SystemCallFilter = [ "@system-service" ]; - # Required for ProtectSystem=strict - BindPaths = [ stateDir ]; + StateDirectory = "unifi"; + RuntimeDirectory = "unifi"; + LogsDirectory = "unifi"; + CacheDirectory= "unifi"; + + TemporaryFileSystem = [ + # required as we want to create bind mounts below + "${stateDir}/webapps:rw" + ]; + + # We must create the binary directories as bind mounts instead of symlinks + # This is because the controller resolves all symlinks to absolute paths + # to be used as the working directory. + BindPaths = [ + "/var/log/unifi:${stateDir}/logs" + "/run/unifi:${stateDir}/run" + "${cfg.unifiPackage}/dl:${stateDir}/dl" + "${cfg.unifiPackage}/lib:${stateDir}/lib" + "${cfg.mongodbPackage}/bin:${stateDir}/bin" + "${cfg.unifiPackage}/webapps/ROOT:${stateDir}/webapps/ROOT" + ]; # Needs network access PrivateNetwork = false; @@ -220,6 +189,9 @@ in }; }; + imports = [ + (mkRemovedOptionModule [ "services" "unifi" "dataDir" ] "You should move contents of dataDir to /var/lib/unifi/data" ) + ]; meta.maintainers = with lib.maintainers; [ erictapen pennae ]; }
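Review bot: The new `StateDirectory`/`LogsDirectory`/`RuntimeDirectory`/`CacheDirectory` lines set no mode, so systemd creates those directories with its default of 0755, whereas the tmpfiles rules removed in the earlier hunk of this file created `${stateDir}` and `${stateDir}/data` as 0700 owned by unifi. Unless a mode is set in a part of `serviceConfig` outside this hunk, the controller's state and log directories become listable by other local users; `StateDirectoryMode = "0700";` and `LogsDirectoryMode = "0750";` would keep the earlier restriction. Separately, the four package paths in `BindPaths` are presumably never written by the service, so moving them to `BindReadOnlyPaths` states that intent and leaves only the log and run binds writable. `CacheDirectory= "unifi";` is also missing the space before `=`. The `serviceConfig` block starts and ends outside the hunk.

```nix
StateDirectory = "unifi";
StateDirectoryMode = "0700";
LogsDirectory = "unifi";
LogsDirectoryMode = "0750";
# … unchanged: RuntimeDirectory, CacheDirectory, TemporaryFileSystem …

# Writable binds only for the service's own log and run directories.
BindPaths = [
  "/var/log/unifi:${stateDir}/logs"
  "/run/unifi:${stateDir}/run"
];
# We must create the binary directories as bind mounts instead of symlinks
# (see the existing comment); the package contents are bound read-only.
BindReadOnlyPaths = [
  "${cfg.unifiPackage}/dl:${stateDir}/dl"
  "${cfg.unifiPackage}/lib:${stateDir}/lib"
  "${cfg.mongodbPackage}/bin:${stateDir}/bin"
  "${cfg.unifiPackage}/webapps/ROOT:${stateDir}/webapps/ROOT"
];
```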
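Review bot: The removal message passed to `mkRemovedOptionModule` names only the target path, so a user who moves the old `dataDir` as root can end up with files the unifi user cannot read, and a copied (rather than moved) controller database stays behind at the old location. I would spell the steps out in the message, for example `"Data now lives in /var/lib/unifi/data: stop unifi.service, move the contents of the old dataDir there and make sure they are owned by the unifi user."`. The message could also point at the release notes, since the log and run directories moved in the same change.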