nixos/adguardhome: init #120568
confFile = mkOption { | ||
default = "/etc/AdGuardHome.yaml"; | ||
type = path; | ||
description = '' | ||
Path to the config file. | ||
''; | ||
}; |
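Review bot: the confFile description says only "Path to the config file." while the default points at /etc/AdGuardHome.yaml, so nothing tells the user whether the service needs write access to that path. State in the description who is expected to own and modify the file, or move the default out of /etc if the service itself writes to it.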
Please follow NixOS/rfcs#42.
I think having a non-mutable config file will not work well for this service. Management via the webui does not work and the config file is migrated automatically between schema versions on some application updates.
Maybe it would be better, as it is mutable, to store the config file in the work dir by default? Anyone who really wants to try for a stateless config can then override confFile and use environment.etc.
The application also fails the initial set-up if the config file is not writable.
I think it might make sense to introduce an |
}; | ||
|
||
pidFile = mkOption { | ||
default = "/run/AdGuardHome.pid"; |
default = "/run/AdGuardHome.pid"; | |
default = "/run/AdGuardHome/AdGuardHome.pid"; |
This fails with a "no such file or directory error", looks like the directory must exist. Is leaving it in /run ok or should there be some mechanism to ensure /run/AdGuardHome exists?
I am not sure what the correct way is to create the directory but otherwise it isn't easily mountable in containers.
The correct way is using https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RuntimeDirectory=.
67e096f to 6547fb9
''; | ||
}; | ||
|
||
logFile = mkOption { |
Please default to stdout.
''; | ||
}; | ||
|
||
pidFile = mkOption { |
Under what scenario does this need to be configurable?
pidFile can't be specified in the config file and if it wasn't configurable (e.g. fixed to /run/AdGuardHome/AdGuardHome.pid) it would be inconvenient to override. A few other modules (mongodb, bitcoind) do allow pidFile to be configured, but I admit I can't think of a use case.
Alternatively, the pid file could be disabled by default and enabled when needed through an extraArgs option. Could probably at least remove verbose in that case too.
options.services.adguardhome = with types; { | ||
enable = mkEnableOption "AdGuard Home network-wide ad blocker"; | ||
|
||
confFile = mkOption { |
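Review bot: with types; on the options.services.adguardhome line puts every name from types in scope for the whole option set, which makes it harder to see where a bare name such as path is resolved. Prefer qualifying at the use site, for example type = types.path;.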
Is this intended to be mutable? Who manages this file?
The config file should be managed by AdGuard Home, see my response to dotlambda's review for my rationale. If this is the case should it be placed in stateDir?
I have briefly read some documentation from upstream and I understand now. This application is definitely an example of an application that should manage its own configuration... not NixOS, as you mention.
I would recommend not including this as an option so. You could probably do something really slick with DynamicUser, RuntimeDirectory (for the pid file and reloads) and StateDirectory as well...
DynamicUser works! What do you think should remain configurable when using it? In my view host and port are the essentials, pidFile could just be set to /run/AdGuardHome/AdGuardHome.pid (I can't see a strong case as to the need to disable it), and logs could always be to stdout?
There could be an extraArgs flag, allowing verbose logs if a user needs it and supplying an escape hatch for future command-line options.
That sounds good 👍 Whatever you think is needed.
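The DynamicUser / RuntimeDirectory / StateDirectory arrangement discussed in this thread, sketched as an added example (it is not the module from this pull request). The host and port values, the capability settings for binding the DNS port, and the AdGuard Home command-line flag names are assumptions of the example.

```nix
# Added illustration; not code from the pull request.
{ lib, pkgs, ... }:
let
  # Hypothetical values: the thread proposes keeping host and port
  # as the only essential options.
  host = "0.0.0.0";
  port = 3000;
in {
  systemd.services.adguardhome = {
    description = "AdGuard Home network-wide ad blocker";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      # systemd allocates a transient unprivileged user at start,
      # so the service never runs as root.
      DynamicUser = true;
      # systemd creates /run/AdGuardHome (removed on stop) and
      # /var/lib/AdGuardHome, both owned by the dynamic user. This
      # covers the "directory must exist" failure for the pid file
      # and gives the application a writable home for its config.
      RuntimeDirectory = "AdGuardHome";
      StateDirectory = "AdGuardHome";
      # Assumption: the resolver listens on port 53, which a
      # non-root process can only bind with this capability.
      AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
      CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
      # Flag names assumed to match the packaged AdGuard Home CLI.
      # No log file flag is passed: output goes to the journal.
      ExecStart = lib.concatStringsSep " " [
        "${pkgs.adguardhome}/bin/adguardhome"
        "--pidfile /run/AdGuardHome/AdGuardHome.pid"
        "--work-dir /var/lib/AdGuardHome"
        "--config /var/lib/AdGuardHome/AdGuardHome.yaml"
        "--host ${host}"
        "--port ${toString port}"
      ];
      Restart = "on-failure";
    };
  };
}
```

With DynamicUser set, systemd keeps the state under /var/lib/private and exposes /var/lib/AdGuardHome as a symlink, so the mutable config file is writable by the service and by nothing else unprivileged.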
''; | ||
}; | ||
|
||
workDir = mkOption { |
Usually we call this stateDir, depending on what it is for...
This is where AdGuard Home stores filter lists / its internal database. I was just copying AdGuard Home's terminology for workDir (which I saw used in a few other modules). But stateDir is more appropriate, I'll change it (in the morning 😴).
6547fb9 to 7639c23
Marking as draft while I look into |
Pushed a commit that uses Probably should all be squashed on merge. |
After the pending changes you are about to push I approve this module 👍 Great work 🎉
f23f716 to 838a156
LGTM, but I didn't test it.
838a156 to a2e0d1c
Thanks everybody for the help and feedback!
Motivation for this change
Adds a system service for AdGuard Home.
The service definition is largely based on the one generated by AdGuard Home itself when passed adguardhome --service install (this won't work on NixOS, as it will try to write to a read-only filesystem), with an additional choice of config, work, and pid file locations that should follow the FHS.
May provide some relief for followers of #61617 while they wait for #108055 & the following PRs (but won't actually work on a pi without overriding the adguardhome package because of #113900)