Shove system services into base/system.nix where they belong

flake.lock

@@ -250,11 +250,11 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1716252757,
+        "lastModified": 1716406677,
-        "narHash": "sha256-gTTs8PX/Rh6XNrglcVokmyee6kqAIZ2JL8W89n5aau0=",
+        "narHash": "sha256-pzZcg9qu/TfrzKiKGffKi5PqruNWZceuFe5Ceg6x/p8=",
         "ref": "refs/heads/main",
-        "rev": "1bc67c9f5e4cfc11ff664b9d8a447276408638bd",
+        "rev": "60462223ede840d1fc3996b18cbee2b7809dcc73",
-        "revCount": 30,
+        "revCount": 31,
         "type": "git",
         "url": "file:///home/aires/Development/nix-configuration/nix-secrets"
       },

hosts/Haven/default.nix

@@ -48,7 +48,6 @@ in
       };
       airsonic = {
         enable = true;
-        domain = config.secrets.networking.primaryDomain;
         home = "/storage/services/airsonic-advanced";
       };
       boinc.enable = true;
@@ -59,7 +58,6 @@ in
       };
       forgejo = {
         enable = true;
-        domain = config.secrets.networking.primaryDomain;
         home = "/storage/services/forgejo";
       };
       msmtp.enable = true;
@@ -72,7 +70,7 @@ in
             enableACME = true; # Enable Let's Encrypt
             locations."/" = {
               # Catchall vhost, will redirect users to Forgejo
-              return = "301 https://code.${config.secrets.networking.primaryDomain}";
+              return = "301 https://${config.secrets.services.forgejo.url}";
             };
           };
         };

modules/base/system.nix

@@ -1,5 +1,10 @@
 # System options
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 {
   # Set up the environment
   environment = {
@@ -30,8 +35,32 @@
     operation = "switch";
   };
 
-  # Enable fwupd (firmware updater)
+  services = {
-  services.fwupd.enable = true;
+    # Enable fwupd (firmware updater)
+    fwupd.enable = true;
+
+    # Autoscrub BTRFS partitions
+    btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
+      enable = true;
+      interval = "weekly";
+      fileSystems = [ "/" ];
+    };
+
+    # Allow systemd user services to keep running after the user has logged out
+    logind.killUserProcesses = false;
+
+    # Enable disk monitoring
+    smartd = {
+      enable = true;
+      autodetect = true;
+      notifications.wall.enable = true;
+    };
+  };
+
+  # Reduce logout stop timer duration
+  systemd.extraConfig = ''
+    DefaultTimeoutStopSec=30s
+  '';
 
   # Set your time zone.
   time.timeZone = "America/New_York";

modules/services/airsonic.nix

@@ -6,7 +6,6 @@
 }:
 let
   cfg = config.host.services.airsonic;
-  subdomain = "music";
 in
 {
   options = {
@@ -18,10 +17,6 @@ in
         type = lib.types.str;
         description = "Where to store Airsonic's files";
       };
-      domain = lib.mkOption {
-        type = lib.types.str;
-        description = "FQDN for the host server";
-      };
     };
   };
 
@@ -30,8 +25,8 @@ in
     users.users.airsonic.extraGroups = [ "media" ];
 
     services = {
-      nginx.virtualHosts."${subdomain}.${cfg.domain}" = {
+      nginx.virtualHosts."${config.secrets.services.airsonic.url}" = {
-        useACMEHost = cfg.domain;
+        useACMEHost = config.secrets.networking.primaryDomain;
         forceSSL = true;
         locations."/" = {
           proxyPass = "http://127.0.0.1:4040";

modules/services/btrfs.nix

@@ -1,10 +0,0 @@
-# Services to run on BTRFS filesystems.
-# Only run if the root partition is BTRFS.
-{ config, lib, ... }:
-{
-  services.btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
-    enable = true;
-    interval = "weekly";
-    fileSystems = [ "/" ];
-  };
-}

modules/services/forgejo.nix

@@ -5,9 +5,7 @@
   ...
 }:
 let
-  subdomain = "code";
   cfg = config.host.services.forgejo;
-
   cli-cfg = config.services.forgejo;
 
   forgejo-cli = pkgs.writeScriptBin "forgejo-cli" ''
@@ -33,18 +31,14 @@ in
         type = lib.types.str;
         description = "Where to store Forgejo's files";
       };
-      domain = lib.mkOption {
-        type = lib.types.str;
-        description = "FQDN for the host server";
-      };
     };
   };
 
   config = lib.mkIf cfg.enable {
     environment.systemPackages = [ forgejo-cli ];
     services = {
-      nginx.virtualHosts."${subdomain}.${cfg.domain}" = {
+      nginx.virtualHosts."${config.secrets.services.forgejo.url}" = {
-        useACMEHost = cfg.domain;
+        useACMEHost = config.secrets.networking.primaryDomain;
         forceSSL = true;
         locations."/" = {
           proxyPass = "http://127.0.0.1:3000";

modules/services/smartd.nix

@@ -1,8 +0,0 @@
-# Configure SMART monitoring
-_: {
-  services.smartd = {
-    enable = true;
-    autodetect = true;
-    notifications.wall.enable = true;
-  };
-}

modules/services/systemd.nix

@@ -1,17 +0,0 @@
-# Configure systemD
-_: {
-  services = {
-    # Allow systemd user services to keep running after the user has logged out
-    logind.killUserProcesses = false;
-  };
-
-  # Reduce systemd logout time to 30s
-  environment.etc = {
-    "systemd/system.conf.d/10-reduce-logout-wait-time.conf" = {
-      text = ''
-        [Manager]
-        DefaultTimeoutStopSec=30s
-      '';
-    };
-  };
-}

nix-secrets

@@ -1 +1 @@
-Subproject commit 1bc67c9f5e4cfc11ff664b9d8a447276408638bd
+Subproject commit 60462223ede840d1fc3996b18cbee2b7809dcc73