diff --git a/flake.lock b/flake.lock index 7af3fc4..bf4d16d 100644 --- a/flake.lock +++ b/flake.lock @@ -297,11 +297,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1725693463, + "narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "68e7dce0a6532e876980764167ad158174402c6f", "type": "github" }, "original": { @@ -378,11 +378,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1725641701, - "narHash": "sha256-bTnYSs06iwnS6a1jYLpwjwVpFcP/iDs/6q5gnFcO+sQ=", + "lastModified": 1725813930, + "narHash": "sha256-UxqJm3MlHVrPofm/4Z1dR9Xpo49Xc0HGQ/Mg/bQ5oqI=", "ref": "refs/heads/main", - "rev": "25576ffa753b96e2289380feb81d3ed82e00cbc7", - "revCount": 68, + "rev": "2e559fbe36dc49c3ea63cc9856b899eb9269950f", + "revCount": 69, "type": "git", "url": "file:./secrets" }, diff --git a/hosts/Dimaga/default.nix b/hosts/Dimaga/default.nix index fec6948..16832bc 100644 --- a/hosts/Dimaga/default.nix +++ b/hosts/Dimaga/default.nix @@ -170,7 +170,6 @@ in }; nginx = { enable = true; - autostart = false; virtualHosts = { "${config.secrets.networking.domains.primary}" = { default = true; @@ -219,7 +218,7 @@ in services = { syncthing = { enable = true; - autostart = false; + home = "${services-root}/syncthing/aires"; }; }; }; diff --git a/hosts/Hevana/default.nix b/hosts/Hevana/default.nix index 2ca46aa..8327871 100644 --- a/hosts/Hevana/default.nix +++ b/hosts/Hevana/default.nix @@ -7,8 +7,6 @@ let # Where to store service files services-root = "/storage/services"; - # Script to start services - start-services = pkgs.writeShellScriptBin "start-services" (builtins.readFile ./start-services.sh); # Credentials for interacting with the Namecheap API namecheapCredentials = { 
@@ -83,9 +81,6 @@ in # Enable GPU support. gpu.amd.enable = true; - # Install script to get the system up and running after boot. - packages = [ start-services ]; - # Enable support for primary RAID array raid.storage.enable = true; @@ -168,7 +163,6 @@ in }; nginx = { enable = true; - autostart = false; virtualHosts = { "${config.secrets.networking.domains.primary}" = { default = true; @@ -214,7 +208,7 @@ in services = { syncthing = { enable = true; - autostart = false; + home = "${services-root}/syncthing/aires"; }; }; }; diff --git a/hosts/Hevana/start-services.sh b/hosts/Hevana/start-services.sh deleted file mode 100644 index e80969a..0000000 --- a/hosts/Hevana/start-services.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -# Script to unlock the /storage partition and start up services that depend on it. - -# check if the current user is root -if [ "$(id -u)" != "0" ]; then - echo "This script must be run as root" 1>&2 - exit 1 -fi - -# Unlock and mount storage directory if we haven't already -if [ -e "/dev/mapper/storage" ]; then - echo "Storage partition already mounted." -else - echo "Unlocking storage partition..." - cryptsetup luksOpen /dev/md/Sapana storage - mount /dev/mapper/storage /storage - echo "Storage partition mounted." -fi - -echo "Starting services..." -systemctl restart deluged.service delugeweb.service duplicacy-web.service forgejo.service jellyfin.service -systemctl --machine aires@.host --user start syncthing.service -systemctl restart nginx.service -echo "Services started. $(hostname) is ready to go!" - -exit 0 diff --git a/hosts/Khanda/default.nix b/hosts/Khanda/default.nix index c4b1888..5b1a84b 100644 --- a/hosts/Khanda/default.nix +++ b/hosts/Khanda/default.nix @@ -76,12 +76,7 @@ in users.aires = { enable = true; - services = { - syncthing = { - enable = true; - autostart = true; - }; - }; + services.syncthing.enable = true; }; }; 
diff --git a/hosts/configuration.nix.template b/hosts/configuration.nix.template index db4df58..b281de4 100644 --- a/hosts/configuration.nix.template +++ b/hosts/configuration.nix.template @@ -34,7 +34,7 @@ in enable = true; services.syncthing = { enable = true; - autostart = true; + home = "/home/aires/.config/syncthing"; }; }; }; diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 00c0b9d..42f9d44 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -6,7 +6,6 @@ in { options = { aux.system.services.nginx = { - autostart = lib.mkEnableOption "Whether to autostart Nginx at boot."; enable = lib.mkEnableOption "Enable the Nginx web server."; virtualHosts = lib.mkOption { @@ -37,8 +36,5 @@ in 443 ]; }; - - # Disable autostart if configured - systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; }; }; } diff --git a/modules/system/raid.nix b/modules/system/raid.nix index 5f58b98..7b73628 100644 --- a/modules/system/raid.nix +++ b/modules/system/raid.nix @@ -20,6 +20,19 @@ in MAILADDR ${config.secrets.users.aires.email} ''; + # Auto-unlock RAID array with a key file + environment.etc."crypttab".text = '' + storage /dev/md/Sapana ${config.secrets.devices.storage.keyFile.path} nofail,keyfile-timeout=5s + ''; + fileSystems."/storage" = { + device = "/dev/mapper/storage"; + # Keep booting even if the array fails to unlock + options = [ + "nofail" + "x-systemd.device-timeout=5s" + ]; + }; + # Automatically scrub the array monthly systemd = { services."raid-scrub" = { diff --git a/modules/users/aires/default.nix b/modules/users/aires/default.nix index 3c8b8bb..d1438e1 100644 --- a/modules/users/aires/default.nix +++ b/modules/users/aires/default.nix 
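Review bot: The crypttab entry added in modules/system/raid.nix makes the array's LUKS protection only as strong as whatever protects the disk holding `config.secrets.devices.storage.keyFile.path`, and nothing in the hunk records that assumption or the permissions the file needs. I would add a comment above the entry such as `# Key file must be a root-only (0400) runtime path on an encrypted volume; never a Nix path literal, which would be copied into the world-readable store`. Whether `keyFile.path` is a plain string or a Nix path is not visible here, so that is worth confirming. Because both the crypttab line and the `/storage` mount carry `nofail`, the host also boots normally when the unlock fails, so any unit that keeps state under `/storage` should declare a mount dependency rather than start against the bare mount point. The surrounding config block starts and ends outside the hunk.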
@@ -18,10 +18,10 @@ in services.syncthing = { enable = lib.mkEnableOption "Enables Syncthing"; enableTray = lib.mkEnableOption "Enables the Syncthing Tray application"; - autostart = lib.mkOption { - default = true; - type = lib.types.bool; - description = "Whether to auto-start Syncthing on boot"; + home = lib.mkOption { + default = "${config.users.users.aires.home}/.config/syncthing"; + type = lib.types.str; + description = "Where to store Syncthing's configuration files"; }; }; }; @@ -135,15 +135,12 @@ in enable = true; extraOptions = [ "--gui-address=0.0.0.0:8080" - "--home=${config.users.users.aires.home}/.config/syncthing" + "--home=${cfg.services.syncthing.home}" "--no-default-folder" ]; }; - # Override the default Syncthing settings so it doesn't start on boot - systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) { - wantedBy = lib.mkForce { }; - }; + systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home; }; }) ] diff --git a/modules/users/gremlin/default.nix b/modules/users/gremlin/default.nix index e4aa8fe..652ab0a 100644 --- a/modules/users/gremlin/default.nix +++ b/modules/users/gremlin/default.nix @@ -17,10 +17,10 @@ in services.syncthing = { enable = lib.mkEnableOption "Enables Syncthing"; enableTray = lib.mkEnableOption "Enables the Syncthing Tray application"; - autostart = lib.mkOption { - default = true; - type = lib.types.bool; - description = "Whether to auto-start Syncthing on boot"; + home = lib.mkOption { + default = "${config.users.users.gremlin.home}/.config/syncthing"; + type = lib.types.str; + description = "Where to store Syncthing's configuration files"; }; }; }; 
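Review bot: The new `home` option in the first hunk of modules/users/aires/default.nix is declared as `lib.types.str`, so an empty or relative value passes evaluation and only fails later, when it reaches `--home=` and the unit's mount dependency. `type = lib.types.path;` would reject anything that is not an absolute path at evaluation time. The same declaration is repeated in the first hunk of modules/users/gremlin/default.nix.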
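Review bot: The `requiresMountsFor` key at the end of the second hunk of modules/users/aires/default.nix starts with a lower-case `r`, but systemd directive names are case-sensitive and the directive is `RequiresMountsFor`. NixOS writes `unitConfig` keys into the unit file verbatim, so the line as written would most likely be ignored as an unknown key. Syncthing could then start before `/storage` is mounted, or while the array is still locked, and would generate a fresh configuration and device identity in the empty mount point. I would change it to `systemd.user.services."syncthing".unitConfig.RequiresMountsFor = cfg.services.syncthing.home;` (or `Unit.RequiresMountsFor` if this block turns out to be a Home Manager definition, which the hunk does not show). The second hunk of modules/users/gremlin/default.nix has the same line.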
@@ -126,15 +126,12 @@ in enable = true; extraOptions = [ "--gui-address=0.0.0.0:8081" - "--home=${config.users.users.gremlin.home}/.config/syncthing" + "--home=${cfg.services.syncthing.home}" "--no-default-folder" ]; }; - # Override the default Syncthing settings so it doesn't start on boot - systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) { - wantedBy = lib.mkForce { }; - }; + systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home; }; }) ]; diff --git a/secrets b/secrets index 25576ff..2e559fb 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit 25576ffa753b96e2289380feb81d3ed82e00cbc7 +Subproject commit 2e559fbe36dc49c3ea63cc9856b899eb9269950f
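Review bot: The context line `"--gui-address=0.0.0.0:8081"` in this hunk binds Syncthing's admin GUI to every interface, and with the `autostart` override removed the unit now comes up unattended at boot on hosts that used to start it by hand. Unless the port is firewalled and a GUI password is set elsewhere in the configuration (neither is visible here), I would bind it to loopback, `"--gui-address=127.0.0.1:8081"`, and reach it through an SSH tunnel or a reverse proxy. The matching line in modules/users/aires/default.nix does the same on port 8080.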