Allow socket-activation for Kittybox

This complements passing sockets as FDs and graceful shutdown to allow
for zero-downtime restarts.

1 files changed, 14 insertions, 4 deletions

diff --git a/configuration.nix b/configuration.nix
index 937b1c8..e86f4b7 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -121,6 +121,20 @@ in {
         message = "To use the Postgres backend, Kittybox has to be compiled with Postgres support enabled.";
       }
     ];
+    systemd.sockets.kittybox = {
+      description = config.systemd.services.kittybox.description;
+      wantedBy = [ "sockets.target" ];
+
+      restartTriggers = [ cfg.bind cfg.port ];
+
+      socketConfig = {
+        ListenStream = lib.mkMerge [
+          (lib.mkIf (cfg.bind == null) cfg.port)
+          (lib.mkIf (cfg.bind != null) "${cfg.bind}:${builtins.toString cfg.port}")
+        ];
+        BindIPv6Only = true;
+      };
+    };
     systemd.services.kittybox = {
       description = "An IndieWeb-enabled blog engine";
 
@@ -136,7 +150,6 @@ in {
       ];
 
       environment = {
-        SERVE_AT = "${cfg.bind}:${builtins.toString cfg.port}";
         MICROSUB_ENDPOINT = cfg.microsubServer;
         WEBMENTION_ENDPOINT = cfg.webmentionEndpoint;
         BACKEND_URI = cfg.backendUri;
@@ -152,9 +165,6 @@ in {
             export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile})
           fi
         ''}
-        if [[ ${cfg.cookieSecretFile} == /var/lib/kittybox/cookie_secret_key && ! -f /var/lib/kittybox/cookie_secret_key ]]; then
-            cat /dev/urandom | tr -Cd '[:alnum:]' | head -c 128 > /var/lib/kittybox/cookie_secret_key
-        fi
         exec ${cfg.package}/bin/kittybox
       '';