From a87120c2fd537ca7ae92a2999984f16afebe5621 Mon Sep 17 00:00:00 2001 From: Vika Date: Fri, 21 Jul 2023 18:18:05 +0300 Subject: Allow socket-activation for Kittybox This complements passing sockets as FDs and graceful shutdown to allow for zero-downtime restarts. --- configuration.nix | 18 ++++++++++++++---- smoke-test.nix | 11 +++++++++-- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/configuration.nix b/configuration.nix index 937b1c8..e86f4b7 100644 --- a/configuration.nix +++ b/configuration.nix @@ -121,6 +121,20 @@ in { message = "To use the Postgres backend, Kittybox has to be compiled with Postgres support enabled."; } ]; + systemd.sockets.kittybox = { + description = config.systemd.services.kittybox.description; + wantedBy = [ "sockets.target" ]; + + restartTriggers = [ cfg.bind cfg.port ]; + + socketConfig = { + ListenStream = lib.mkMerge [ + (lib.mkIf (cfg.bind == null) cfg.port) + (lib.mkIf (cfg.bind != null) "${cfg.bind}:${builtins.toString cfg.port}") + ]; + BindIPv6Only = true; + }; + }; systemd.services.kittybox = { description = "An IndieWeb-enabled blog engine"; @@ -136,7 +150,6 @@ in { ]; environment = { - SERVE_AT = "${cfg.bind}:${builtins.toString cfg.port}"; MICROSUB_ENDPOINT = cfg.microsubServer; WEBMENTION_ENDPOINT = cfg.webmentionEndpoint; BACKEND_URI = cfg.backendUri; @@ -152,9 +165,6 @@ in { export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile}) fi ''} - if [[ ${cfg.cookieSecretFile} == /var/lib/kittybox/cookie_secret_key && ! -f /var/lib/kittybox/cookie_secret_key ]]; then - cat /dev/urandom | tr -Cd '[:alnum:]' | head -c 128 > /var/lib/kittybox/cookie_secret_key - fi exec ${cfg.package}/bin/kittybox ''; diff --git a/smoke-test.nix b/smoke-test.nix index df7583e..139117f 100644 --- a/smoke-test.nix +++ b/smoke-test.nix 
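Review bot: In the `systemd.sockets.kittybox` hunk of configuration.nix, a null `cfg.bind` turns `ListenStream = cfg.port` into a bare port, which systemd binds on the wildcard address, and `BindIPv6Only = true` then limits that listener to IPv6. The service therefore ends up reachable on every interface over IPv6 and not at all over IPv4. If that is intended, a comment above `ListenStream` would make it visible, for example `# bind == null: IPv6 wildcard only; set cfg.bind to limit the listener to one address`; if dual-stack was meant, use `BindIPv6Only = "both";`. The non-null branch builds `"${cfg.bind}:${builtins.toString cfg.port}"` without brackets, so an IPv6 literal in `cfg.bind` would presumably have to be written as `[addr]` by the user; the option definition is outside this hunk, so that cannot be confirmed here.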
@@ -6,6 +6,8 @@ kittybox: kittybox = { config, pkgs, lib, ... }: { imports = [ kittybox.nixosModules.default ]; + systemd.services.kittybox.wantedBy = lib.mkForce []; + services.kittybox = { enable = true; logLevel = "info,kittybox=debug,retainer::cache=warn,h2=warn,rustls=warn"; @@ -21,9 +23,14 @@ kittybox: # Potentially using WebDriver # Could also be implemented with fantoccini testScript = '' - with subtest("Verify that Kittybox started correctly..."): - kittybox.wait_for_open_port(8080) + kittybox.wait_for_unit("default.target") + with subtest("Ensure that Kittybox service is socket activated..."): + kittybox.fail("systemctl is-active kittybox.service") + kittybox.succeed("systemctl is-active kittybox.socket") + + with subtest("Verify that Kittybox starts correctly..."): kittybox.succeed("xh --no-check-status http://localhost:8080/.kittybox/micropub") + kittybox.succeed("systemctl is-active kittybox.service") with subtest("Onboarding should correctly work..."): kittybox.copy_from_host("${./onboarding.json}", "/root/onboarding.json") -- cgit 1.4.1
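Review bot: The new subtests in the `testScript` hunk of smoke-test.nix confirm that the first request activates `kittybox.service`, but nothing exercises the restart path that the commit message gives as the purpose of the change. A follow-up subtest could run `kittybox.succeed("systemctl restart kittybox.service")`, repeat the `xh` request, and then assert `kittybox.succeed("systemctl is-active kittybox.socket")`, so a regression that drops the listening socket across a restart is caught. Also, `xh --no-check-status` exits successfully for any HTTP status, so that request only shows the connection was accepted; the `is-active kittybox.service` assertion is the only evidence that the service came up. The `testScript` continues past the end of the hunk.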