Shove system services into base/system.nix where they belong

2024-05-22 15:39:57 -04:00 · 2024-05-22 15:39:57 -04:00 · 072ee60680
parent 065d116d2a
commit 072ee60680
9 changed files with 42 additions and 61 deletions
--- a/flake.lock
+++ b/flake.lock
@ -250,11 +250,11 @@
    "nix-secrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1716252757,
-        "narHash": "sha256-gTTs8PX/Rh6XNrglcVokmyee6kqAIZ2JL8W89n5aau0=",
+        "lastModified": 1716406677,
+        "narHash": "sha256-pzZcg9qu/TfrzKiKGffKi5PqruNWZceuFe5Ceg6x/p8=",
        "ref": "refs/heads/main",
-        "rev": "1bc67c9f5e4cfc11ff664b9d8a447276408638bd",
-        "revCount": 30,
+        "rev": "60462223ede840d1fc3996b18cbee2b7809dcc73",
+        "revCount": 31,
        "type": "git",
        "url": "file:///home/aires/Development/nix-configuration/nix-secrets"
      },
--- a/hosts/Haven/default.nix
+++ b/hosts/Haven/default.nix
@ -48,7 +48,6 @@ in
      };
      airsonic = {
        enable = true;
-        domain = config.secrets.networking.primaryDomain;
        home = "/storage/services/airsonic-advanced";
      };
      boinc.enable = true;
@ -59,7 +58,6 @@ in
      };
      forgejo = {
        enable = true;
-        domain = config.secrets.networking.primaryDomain;
        home = "/storage/services/forgejo";
      };
      msmtp.enable = true;
@ -72,7 +70,7 @@ in
            enableACME = true; # Enable Let's Encrypt
            locations."/" = {
              # Catchall vhost, will redirect users to Forgejo
-              return = "301 https://code.${config.secrets.networking.primaryDomain}";
+              return = "301 https://${config.secrets.services.forgejo.url}";
            };
          };
        };
--- a/modules/base/system.nix
+++ b/modules/base/system.nix
@ -1,5 +1,10 @@
 # System options
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 {
  # Set up the environment
  environment = {
@ -30,8 +35,32 @@
    operation = "switch";
  };

-  # Enable fwupd (firmware updater)
-  services.fwupd.enable = true;
+  services = {
+    # Enable fwupd (firmware updater)
+    fwupd.enable = true;
+
+    # Autoscrub BTRFS partitions
+    btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
+      enable = true;
+      interval = "weekly";
+      fileSystems = [ "/" ];
+    };
+
+    # Allow systemd user services to keep running after the user has logged out
+    logind.killUserProcesses = false;
+
+    # Enable disk monitoring
+    smartd = {
+      enable = true;
+      autodetect = true;
+      notifications.wall.enable = true;
+    };
+  };
+
+  # Reduce logout stop timer duration
+  systemd.extraConfig = ''
+    DefaultTimeoutStopSec=30s
+  '';

  # Set your time zone.
  time.timeZone = "America/New_York";
--- a/modules/services/airsonic.nix
+++ b/modules/services/airsonic.nix
@ -6,7 +6,6 @@
 }:
 let
  cfg = config.host.services.airsonic;
-  subdomain = "music";
 in
 {
  options = {
@ -18,10 +17,6 @@ in
        type = lib.types.str;
        description = "Where to store Airsonic's files";
      };
-      domain = lib.mkOption {
-        type = lib.types.str;
-        description = "FQDN for the host server";
-      };
    };
  };

@ -30,8 +25,8 @@ in
    users.users.airsonic.extraGroups = [ "media" ];

    services = {
-      nginx.virtualHosts."${subdomain}.${cfg.domain}" = {
-        useACMEHost = cfg.domain;
+      nginx.virtualHosts."${config.secrets.services.airsonic.url}" = {
+        useACMEHost = config.secrets.networking.primaryDomain;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:4040";
--- a/modules/services/btrfs.nix
+++ b/modules/services/btrfs.nix
@ -1,10 +0,0 @@
-# Services to run on BTRFS filesystems.
-# Only run if the root partition is BTRFS.
-{ config, lib, ... }:
-{
-  services.btrfs.autoScrub = lib.mkIf (config.fileSystems."/".fsType == "btrfs") {
-    enable = true;
-    interval = "weekly";
-    fileSystems = [ "/" ];
-  };
-}
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -5,9 +5,7 @@
  ...
 }:
 let
-  subdomain = "code";
  cfg = config.host.services.forgejo;
-
  cli-cfg = config.services.forgejo;

  forgejo-cli = pkgs.writeScriptBin "forgejo-cli" ''
@ -33,18 +31,14 @@ in
        type = lib.types.str;
        description = "Where to store Forgejo's files";
      };
-      domain = lib.mkOption {
-        type = lib.types.str;
-        description = "FQDN for the host server";
-      };
    };
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ forgejo-cli ];
    services = {
-      nginx.virtualHosts."${subdomain}.${cfg.domain}" = {
-        useACMEHost = cfg.domain;
+      nginx.virtualHosts."${config.secrets.services.forgejo.url}" = {
+        useACMEHost = config.secrets.networking.primaryDomain;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:3000";
--- a/modules/services/smartd.nix
+++ b/modules/services/smartd.nix
@ -1,8 +0,0 @@
-# Configure SMART monitoring
-_: {
-  services.smartd = {
-    enable = true;
-    autodetect = true;
-    notifications.wall.enable = true;
-  };
-}
--- a/modules/services/systemd.nix
+++ b/modules/services/systemd.nix
@ -1,17 +0,0 @@
-# Configure systemD
-_: {
-  services = {
-    # Allow systemd user services to keep running after the user has logged out
-    logind.killUserProcesses = false;
-  };
-
-  # Reduce systemd logout time to 30s
-  environment.etc = {
-    "systemd/system.conf.d/10-reduce-logout-wait-time.conf" = {
-      text = ''
-        [Manager]
-        DefaultTimeoutStopSec=30s
-      '';
-    };
-  };
-}
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 1bc67c9f5e4cfc11ff664b9d8a447276408638bd
+Subproject commit 60462223ede840d1fc3996b18cbee2b7809dcc73