diff --git a/flake.lock b/flake.lock index f982e33..e897149 100644 --- a/flake.lock +++ b/flake.lock @@ -250,11 +250,11 @@ "nix-secrets": { "flake": false, "locked": { - "lastModified": 1716252757, - "narHash": "sha256-gTTs8PX/Rh6XNrglcVokmyee6kqAIZ2JL8W89n5aau0=", + "lastModified": 1716406677, + "narHash": "sha256-pzZcg9qu/TfrzKiKGffKi5PqruNWZceuFe5Ceg6x/p8=", "ref": "refs/heads/main", - "rev": "1bc67c9f5e4cfc11ff664b9d8a447276408638bd", - "revCount": 30, + "rev": "60462223ede840d1fc3996b18cbee2b7809dcc73", + "revCount": 31, "type": "git", "url": "file:///home/aires/Development/nix-configuration/nix-secrets" }, diff --git a/hosts/Haven/default.nix b/hosts/Haven/default.nix index b71109e..8d37c60 100644 --- a/hosts/Haven/default.nix +++ b/hosts/Haven/default.nix @@ -48,7 +48,6 @@ in }; airsonic = { enable = true; - domain = config.secrets.networking.primaryDomain; home = "/storage/services/airsonic-advanced"; }; boinc.enable = true; @@ -59,7 +58,6 @@ in }; forgejo = { enable = true; - domain = config.secrets.networking.primaryDomain; home = "/storage/services/forgejo"; }; msmtp.enable = true; @@ -72,7 +70,7 @@ in enableACME = true; # Enable Let's Encrypt locations."/" = { # Catchall vhost, will redirect users to Forgejo - return = "301 https://code.${config.secrets.networking.primaryDomain}"; + return = "301 https://${config.secrets.services.forgejo.url}"; }; }; }; diff --git a/modules/base/system.nix b/modules/base/system.nix index b9a3ce0..35df0b1 100644 --- a/modules/base/system.nix +++ b/modules/base/system.nix @@ -1,5 +1,10 @@ # System options -{ pkgs, config, ... }: +{ + pkgs, + config, + lib, + ... +}: { # Set up the environment environment = { 
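Review bot: In the catch-all vhost's `return` (hosts/Haven/default.nix), `config.secrets.services.forgejo.url` is prefixed with `https://`, and the same value is used verbatim as an nginx server name in modules/services/forgejo.nix, so despite its name it has to be a bare hostname. If the secret ever carries a scheme or a path, the redirect becomes `https://https://…` and the vhost name is invalid. The option's definition is not visible in this diff, so I'd either rename it (e.g. `fqdn`) or add a comment here such as `# forgejo.url must be a bare FQDN: no scheme, no path`. The enclosing vhost block starts outside the hunk.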
@@ -30,8 +35,32 @@ operation = "switch"; }; - # Enable fwupd (firmware updater) - services.fwupd.enable = true; + services = { + # Enable fwupd (firmware updater) + fwupd.enable = true; + + # Autoscrub BTRFS partitions + btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") { + enable = true; + interval = "weekly"; + fileSystems = [ "/" ]; + }; + + # Allow systemd user services to keep running after the user has logged out + logind.killUserProcesses = false; + + # Enable disk monitoring + smartd = { + enable = true; + autodetect = true; + notifications.wall.enable = true; + }; + }; + + # Reduce logout stop timer duration + systemd.extraConfig = '' + DefaultTimeoutStopSec=30s + ''; # Set your time zone. time.timeZone = "America/New_York"; diff --git a/modules/services/airsonic.nix b/modules/services/airsonic.nix index b22d484..b1a9029 100644 --- a/modules/services/airsonic.nix +++ b/modules/services/airsonic.nix @@ -6,7 +6,6 @@ }: let cfg = config.host.services.airsonic; - subdomain = "music"; in { options = { @@ -18,10 +17,6 @@ in type = lib.types.str; description = "Where to store Airsonic's files"; }; - domain = lib.mkOption { - type = lib.types.str; - description = "FQDN for the host server"; - }; }; }; @@ -30,8 +25,8 @@ in users.users.airsonic.extraGroups = [ "media" ]; services = { - nginx.virtualHosts."${subdomain}.${cfg.domain}" = { - useACMEHost = cfg.domain; + nginx.virtualHosts."${config.secrets.services.airsonic.url}" = { + useACMEHost = config.secrets.networking.primaryDomain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:4040"; diff --git a/modules/services/btrfs.nix b/modules/services/btrfs.nix deleted file mode 100644 index 9834eae..0000000 --- a/modules/services/btrfs.nix +++ /dev/null 
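Review bot: The comment `# Reduce logout stop timer duration` in modules/base/system.nix understates what `systemd.extraConfig` changes. `DefaultTimeoutStopSec=30s` in the system manager is the stop timeout for every system unit that does not set its own `TimeoutStopSec`, so on any host importing this base module a slow-stopping service is killed after 30s instead of the 90s default. I'd reword it to `# Lower the default stop timeout for all system units (90s -> 30s)` and check that services with long shutdowns override it. Separately, `smartd` enables only `notifications.wall`, which is easy to miss on a headless machine; where mail is set up (Haven enables msmtp), `notifications.mail.enable = true;` would make disk-failure warnings harder to lose.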
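Review bot: In modules/services/airsonic.nix, `useACMEHost` is now `config.secrets.networking.primaryDomain` while the server name comes from the independent `config.secrets.services.airsonic.url`, so nothing in the module guarantees the certificate covers that name. Before, the vhost was always `music.<domain>` under the same `domain` value. If the primary-domain certificate is not a wildcard and does not list the host in its `extraDomainNames`, clients will get a name mismatch under `forceSSL`. The forgejo.nix vhost hunk has the same coupling. A comment like `# cert for primaryDomain must cover airsonic.url (wildcard or extraDomainNames)` or a module assertion would document the requirement; the ACME definition itself is outside this diff.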
@@ -1,10 +0,0 @@ -# Services to run on BTRFS filesystems. -# Only run if the root partition is BTRFS. -{ config, lib, ... }: -{ - services.btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") { - enable = true; - interval = "weekly"; - fileSystems = [ "/" ]; - }; -} diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 90cf8d0..a329dfb 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -5,9 +5,7 @@ ... }: let - subdomain = "code"; cfg = config.host.services.forgejo; - cli-cfg = config.services.forgejo; forgejo-cli = pkgs.writeScriptBin "forgejo-cli" '' @@ -33,18 +31,14 @@ in type = lib.types.str; description = "Where to store Forgejo's files"; }; - domain = lib.mkOption { - type = lib.types.str; - description = "FQDN for the host server"; - }; }; }; config = lib.mkIf cfg.enable { environment.systemPackages = [ forgejo-cli ]; services = { - nginx.virtualHosts."${subdomain}.${cfg.domain}" = { - useACMEHost = cfg.domain; + nginx.virtualHosts."${config.secrets.services.forgejo.url}" = { + useACMEHost = config.secrets.networking.primaryDomain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:3000"; diff --git a/modules/services/smartd.nix b/modules/services/smartd.nix deleted file mode 100644 index fbedd7d..0000000 --- a/modules/services/smartd.nix +++ /dev/null @@ -1,8 +0,0 @@ -# Configure SMART monitoring -_: { - services.smartd = { - enable = true; - autodetect = true; - notifications.wall.enable = true; - }; -} diff --git a/modules/services/systemd.nix b/modules/services/systemd.nix deleted file mode 100644 index c53090c..0000000 --- a/modules/services/systemd.nix +++ /dev/null 
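Review bot: The forgejo.nix vhost now takes its name from `config.secrets.services.forgejo.url`, and it is worth documenting that anything read from `config.secrets.*` this way is only hidden from the public repository, not from the machine. Values interpolated into `nginx.virtualHosts` at evaluation time presumably end up in the generated nginx configuration in the Nix store, which is readable by every local user. That is fine for hostnames, but a short comment such as `# config.secrets.* values used here are rendered into the store; do not put credentials behind this path` would stop the pattern being copied for real secrets. Also confirm that the `forgejo-cli` script body, which continues outside the first hunk, no longer references the removed `cli-cfg` binding.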
@@ -1,17 +0,0 @@
-# Configure systemD
-_: {
- services = {
- # Allow systemd user services to keep running after the user has logged out
- logind.killUserProcesses = false;
- };
-
- # Reduce systemd logout time to 30s
- environment.etc = {
- "systemd/system.conf.d/10-reduce-logout-wait-time.conf" = {
- text = ''
- [Manager]
- DefaultTimeoutStopSec=30s
- '';
- };
- };
-}
diff --git a/nix-secrets b/nix-secrets
index 1bc67c9..6046222 160000
--- a/nix-secrets
+++ b/nix-secrets
@@ -1 +1 @@
-Subproject commit 1bc67c9f5e4cfc11ff664b9d8a447276408638bd
+Subproject commit 60462223ede840d1fc3996b18cbee2b7809dcc73