From 44875e5f08339763ec60f2aa492251c789e36d80 Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Wed, 2 Apr 2025 12:39:05 -0500 Subject: public-sparql: Separate instance dir from data directories The "allowed" directories are directories other than the instance directory, which virtuoso can access to load data. --- public-sparql.scm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'public-sparql.scm') diff --git a/public-sparql.scm b/public-sparql.scm index 4f5ad13..6fbf75c 100644 --- a/public-sparql.scm +++ b/public-sparql.scm @@ -56,7 +56,7 @@ SPARQL endpoint is listening on." (server-port %virtuoso-port) (http-server-port %sparql-port) (number-of-buffers 4000000) - (dirs-allowed (list "/var/lib/virtuoso")) + (dirs-allowed (list "/export/data/virtuoso")) (maximum-dirty-buffers 3000000) (database-file "/var/lib/virtuoso/public-virtuoso.db") (transaction-file "/var/lib/virtuoso/public-virtuoso.trx"))) -- cgit 1.4.1 From 01bf00c060f00af089bb8cd57ff7eeb966c0afab Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Thu, 3 Apr 2025 12:26:07 -0500 Subject: ACME: Allow acme service to restart nginx with no sudo password --- public-sparql.scm | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'public-sparql.scm') diff --git a/public-sparql.scm b/public-sparql.scm index 6fbf75c..4603cec 100644 --- a/public-sparql.scm +++ b/public-sparql.scm @@ -20,6 +20,7 @@ (use-modules (gnu) (gn services databases) (gnu services web) + ((gnu packages admin) #:select (shepherd)) (forge nginx) (forge socket)) @@ -50,6 +51,10 @@ SPARQL endpoint is listening on." (targets (list "/dev/sdX")))) (file-systems %base-file-systems) (users %base-user-accounts) + (sudoers-file + (mixed-text-file "sudoers" + "@include " %sudoers-specification + "\nacme ALL = NOPASSWD: " (file-append shepherd "/bin/herd") " restart nginx\n")) (packages %base-packages) (services (cons* (service virtuoso-service-type (virtuoso-configuration -- cgit 1.4.1