diff --git a/modules/module.nix.template b/modules/module.nix.template index de44950..0b14655 100644 --- a/modules/module.nix.template +++ b/modules/module.nix.template @@ -38,4 +38,12 @@ in config = lib.mkIf cfg.enable { # Add changes applied by this module here. }; + + systemd.services = { + # Forces systemd to wait for the module's configuration directory to be available before starting the service. + myModule.unitConfig.RequiresMountsFor = cfg.home; + + # Tells Nginx to wait for the service to be available before coming online. + nginx.wants = [ config.systemd.services.myModule.name ]; + }; } diff --git a/modules/services/acme.nix b/modules/services/acme.nix index ebd2455..7bc9a89 100644 --- a/modules/services/acme.nix +++ b/modules/services/acme.nix @@ -9,13 +9,11 @@ in enable = lib.mkEnableOption ( lib.mdDoc "Enable the ACME client (for Let's Encrypt TLS certificates)." ); - certs = lib.mkOption { default = { }; type = lib.types.attrs; description = "Cert configurations for ACME."; }; - defaultEmail = lib.mkOption { default = ""; type = lib.types.str; diff --git a/modules/services/airsonic.nix b/modules/services/airsonic.nix index cb0513d..1dc2476 100644 --- a/modules/services/airsonic.nix +++ b/modules/services/airsonic.nix @@ -12,7 +12,7 @@ in aux.system.services.airsonic = { enable = lib.mkEnableOption (lib.mdDoc "Enables Airsonic Advanced media streaming service."); home = lib.mkOption { - default = ""; + default = "/var/lib/airsonic"; type = lib.types.str; description = "Where to store Airsonic's files"; }; @@ -70,7 +70,7 @@ in }; systemd.services = { - airsonic = lib.mkIf (cfg.home != "") { unitConfig.RequiresMountsFor = cfg.home; }; + airsonic.unitConfig.RequiresMountsFor = cfg.home; nginx.wants = [ config.systemd.services.airsonic.name ]; }; }; diff --git a/modules/services/autoupgrade.nix b/modules/services/autoupgrade.nix index 710bc1b..66a7616 100644 --- a/modules/services/autoupgrade.nix +++ b/modules/services/autoupgrade.nix 
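Review bot: In module.nix.template the added `systemd.services` block comes after the `};` that closes `config = lib.mkIf cfg.enable { … }`, so it is a sibling of `config` rather than part of it. Assuming the template declares `options` above the hunk, the module system rejects extra top-level attributes next to `options`/`config`, and the block would also escape the `cfg.enable` guard. It should move inside the `config` attrset, as the service modules in this commit do. Separately, the comment on `nginx.wants` says Nginx waits for the service, but `Wants=` only pulls the unit in and implies no ordering. Either reword it to `# Starts the service together with Nginx (no ordering implied).` or add `nginx.after = [ config.systemd.services.myModule.name ];` if waiting is the intent; the same applies to the `nginx.wants` lines in the service modules.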
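Review bot: In airsonic.nix the second hunk drops the `cfg.home != ""` guard, but `home` is still declared as `lib.types.str`, so an override to `""` or a relative path now reaches `RequiresMountsFor` unchecked. systemd expects absolute paths in that setting. Declaring the option as `type = lib.types.path;` would reject such values at evaluation time instead of producing a unit that silently lacks the mount dependency. The same applies to the `home` options in deluge.nix, duplicacy-web.nix and jellyfin.nix in this commit.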
@@ -58,6 +58,7 @@ in User = "root"; }; path = config.aux.system.corePackages; + unitConfig.RequiresMountsFor = cfg.configDir; # Git diffing strategy courtesy of https://stackoverflow.com/a/40255467 script = '' cd ${cfg.configDir} @@ -94,6 +95,7 @@ in User = cfg.user; }; path = config.aux.system.corePackages; + unitConfig.RequiresMountsFor = cfg.configDir; script = '' set -eu cd ${cfg.configDir} diff --git a/modules/services/deluge.nix b/modules/services/deluge.nix index 6b1b8da..cdc876a 100644 --- a/modules/services/deluge.nix +++ b/modules/services/deluge.nix @@ -9,7 +9,7 @@ in aux.system.services.deluge = { enable = lib.mkEnableOption "Enables Deluge."; home = lib.mkOption { - default = ""; + default = "/var/lib/deluge"; type = lib.types.str; description = "Where to store Deluge's files"; }; @@ -52,6 +52,9 @@ in }; }; - systemd.services.deluge = lib.mkIf (cfg.home != "") { unitConfig.RequiresMountsFor = cfg.home; }; + systemd.services = { + deluge.unitConfig.RequiresMountsFor = cfg.home; + nginx.wants = [ config.systemd.services.deluge.name ]; + }; }; } diff --git a/modules/services/duplicacy-web.nix b/modules/services/duplicacy-web.nix index 41ae6c1..7eecb7c 100644 --- a/modules/services/duplicacy-web.nix +++ b/modules/services/duplicacy-web.nix @@ -14,7 +14,7 @@ in aux.system.services.duplicacy-web = { enable = lib.mkEnableOption "Enables duplicacy-web"; home = lib.mkOption { - default = ""; + default = "/var/lib/duplicacy-web"; type = lib.types.str; description = "Environment where duplicacy-web stores its config files"; }; @@ -46,6 +46,7 @@ in environment = { HOME = cfg.home; }; - } // lib.optionalAttrs (cfg.home != "") { unitConfig.RequiresMountsFor = cfg.home; }; + unitConfig.RequiresMountsFor = cfg.home; + }; }; } diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 71de71f..a54f98f 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix 
@@ -26,7 +26,7 @@ in aux.system.services.forgejo = { enable = lib.mkEnableOption (lib.mdDoc "Enables Forgejo Git hosting service."); domain = lib.mkOption { - default = ""; + default = "/var/lib/forgejo"; type = lib.types.str; description = "The root domain that Forgejo will be hosted on."; example = "example.com"; @@ -124,7 +124,7 @@ in }; systemd.services = { - forgejo = lib.mkIf (cfg.home != "") { unitConfig.RequiresMountsFor = cfg.home; }; + forgejo.unitConfig.RequiresMountsFor = cfg.home; nginx.wants = [ config.systemd.services.forgejo.name ]; }; }; diff --git a/modules/services/home-assistant.nix b/modules/services/home-assistant.nix index 79c97f8..8060e90 100644 --- a/modules/services/home-assistant.nix +++ b/modules/services/home-assistant.nix 
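Review bot: The new default `"/var/lib/forgejo"` lands on the `domain` option, whose description and example (`example.com`) describe a host name, so it looks like it was meant for `home`. As written, an unset `domain` evaluates to a filesystem path wherever the module uses it. No visible hunk changes the `home` default, yet the second hunk removes the `cfg.home != ""` guard, which could leave `RequiresMountsFor` empty if `home` still defaults to `""`. I would restore `default = "";` on `domain` and put `default = "/var/lib/forgejo";` on `home`, whose declaration is outside this hunk.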
@@ -32,41 +32,46 @@ in config = lib.mkIf cfg.enable { services = { home-assistant = { - # opt-out from declarative configuration management - config = null; - lovelaceConfig = null; - # configure the path to your config directory - configDir = cfg.home; - # specify list of components required by your configuration - extraComponents = [ - "esphome" - "eufy" - "govee_light_local" - "met" - "radio_browser" - "tplink" - ]; - }; - nginx.virtualHosts."${cfg.url}" = { - useACMEHost = cfg.domain; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8123"; - proxyWebsockets = true; - extraConfig = '' - # Security / XSS Mitigation Headers - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-Content-Type-Options "nosniff"; + # opt-out from declarative configuration management + config = null; + lovelaceConfig = null; + # configure the path to your config directory + configDir = cfg.home; + # specify list of components required by your configuration + extraComponents = [ + "esphome" + "eufy" + "govee_light_local" + "met" + "radio_browser" + "tplink" + ]; + }; + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = cfg.domain; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8123"; + proxyWebsockets = true; + extraConfig = '' + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-Content-Type-Options "nosniff"; - proxy_ssl_server_name on; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Real-IP $remote_addr; + proxy_ssl_server_name on; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; - proxy_buffering off; - ''; + proxy_buffering off; + ''; + }; }; }; + + systemd.services = { + home-assistant.unitConfig.RequiresMountsFor = cfg.home; + nginx.wants = [ config.systemd.services.home-assistant.name ]; }; }; } 
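Review bot: `home-assistant.unitConfig.RequiresMountsFor = cfg.home;` is added without a guard, and this file's only hunk does not touch the `home` option, which is declared above line 32. If it still defaults to `""`, as the other modules did before this commit, both `configDir` and `RequiresMountsFor` end up empty. Either give `home` a non-empty default as the sibling modules now have, or keep the guarded form `home-assistant = lib.mkIf (cfg.home != "") { unitConfig.RequiresMountsFor = cfg.home; };`.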
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix index 059c55c..cce83fd 100644 --- a/modules/services/jellyfin.nix +++ b/modules/services/jellyfin.nix @@ -16,7 +16,7 @@ in aux.system.services.jellyfin = { enable = lib.mkEnableOption (lib.mdDoc "Enables the Jellyfin media streaming service."); home = lib.mkOption { - default = ""; + default = "/var/lib/jellyfin"; type = lib.types.str; description = "Where to store Jellyfin's files"; }; @@ -97,7 +97,7 @@ in ]; systemd.services = { - jellyfin = lib.mkIf (cfg.home != "") { unitConfig.RequiresMountsFor = cfg.home; }; + jellyfin.unitConfig.RequiresMountsFor = cfg.home; nginx.wants = [ config.systemd.services.jellyfin.name ]; }; };