mermet: set memory limits

[sourcephile-nix.git] / hosts / mermet / calibre.nix

{ pkgs, lib, config, ... }:
with lib;
let
  domain = "sourcephile.fr";
  srv = "calibre";
  calibre = config.services.calibre-server;
  stateDir = "/var/lib/calibre";
in
{
  # Beware, calibre pulls a lot of dependencies..
  # TODO: The calibre server also supports systemd socket activation
  services.calibre-server = {
    enable = true;
    host = "127.0.0.1";
    port = 17429;
    libraries = [
      "${stateDir}/libraries/julm"
    ];
    # sudo -u calibre-server calibre-server --userdb /var/lib/calibre/users.sqlite --manage-users
    auth = {
      enable = true;
      mode = "basic";
      userDb = "${stateDir}/users.sqlite";
    };
  };
  systemd.services.calibre-server = {
    unitConfig = {
      StartLimitBurst = 5;
      StartLimitIntervalSec = "600s";
    };
    serviceConfig = {
      MemoryAccounting = true;
      MemoryMax = "300M";
      MemoryHigh = "400M";
      Restart = mkForce "on-failure";
      RestartSec = "60s";
    };
  };
  users.users.calibre-server.home = mkForce stateDir;
  services.nginx = {
    enable = true;
    upstreams.${srv} = {
      servers."127.0.0.1:${toString calibre.port}" = {
        max_fails = 5;
        fail_timeout = "60s";
      };
      extraConfig = ''
      '';
    };
    virtualHosts."${srv}.${domain}" = {
      forceSSL = true;
      useACMEHost = domain;
      extraConfig = ''
        access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
        error_log  /var/log/nginx/${domain}/${srv}/error.log;
      '';
      locations."/" = {
        proxyPass = "http://${srv}";
        extraConfig = ''
          client_max_body_size 64m;
        '';
      };
    };
  };
  systemd.services.nginx = {
    serviceConfig = {
      LogsDirectory = lib.mkForce [ "nginx/${domain}/${srv}" ];
    };
  };
  services.sanoid.datasets."rpool/var/lib/${srv}" = {
    use_template = [ "snap" ];
    daily = 31;
    monthly = 3;
    recursive = true;
  };
}