Services: use 'requiresMountFor' with Syncthing
This commit is contained in:
parent
86f7864f8f
commit
38c0c493f2
14
flake.lock
14
flake.lock
|
@ -297,11 +297,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725407940,
|
"lastModified": 1725693463,
|
||||||
"narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
|
"narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
|
"rev": "68e7dce0a6532e876980764167ad158174402c6f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -378,11 +378,11 @@
|
||||||
"secrets": {
|
"secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725641701,
|
"lastModified": 1725813930,
|
||||||
"narHash": "sha256-bTnYSs06iwnS6a1jYLpwjwVpFcP/iDs/6q5gnFcO+sQ=",
|
"narHash": "sha256-UxqJm3MlHVrPofm/4Z1dR9Xpo49Xc0HGQ/Mg/bQ5oqI=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "25576ffa753b96e2289380feb81d3ed82e00cbc7",
|
"rev": "2e559fbe36dc49c3ea63cc9856b899eb9269950f",
|
||||||
"revCount": 68,
|
"revCount": 69,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "file:./secrets"
|
"url": "file:./secrets"
|
||||||
},
|
},
|
||||||
|
|
|
@ -170,7 +170,6 @@ in
|
||||||
};
|
};
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autostart = false;
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"${config.secrets.networking.domains.primary}" = {
|
"${config.secrets.networking.domains.primary}" = {
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -219,7 +218,7 @@ in
|
||||||
services = {
|
services = {
|
||||||
syncthing = {
|
syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autostart = false;
|
home = "${services-root}/syncthing/aires";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -7,8 +7,6 @@ let
|
||||||
|
|
||||||
# Where to store service files
|
# Where to store service files
|
||||||
services-root = "/storage/services";
|
services-root = "/storage/services";
|
||||||
# Script to start services
|
|
||||||
start-services = pkgs.writeShellScriptBin "start-services" (builtins.readFile ./start-services.sh);
|
|
||||||
|
|
||||||
# Credentials for interacting with the Namecheap API
|
# Credentials for interacting with the Namecheap API
|
||||||
namecheapCredentials = {
|
namecheapCredentials = {
|
||||||
|
@ -83,9 +81,6 @@ in
|
||||||
# Enable GPU support.
|
# Enable GPU support.
|
||||||
gpu.amd.enable = true;
|
gpu.amd.enable = true;
|
||||||
|
|
||||||
# Install script to get the system up and running after boot.
|
|
||||||
packages = [ start-services ];
|
|
||||||
|
|
||||||
# Enable support for primary RAID array
|
# Enable support for primary RAID array
|
||||||
raid.storage.enable = true;
|
raid.storage.enable = true;
|
||||||
|
|
||||||
|
@ -168,7 +163,6 @@ in
|
||||||
};
|
};
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autostart = false;
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"${config.secrets.networking.domains.primary}" = {
|
"${config.secrets.networking.domains.primary}" = {
|
||||||
default = true;
|
default = true;
|
||||||
|
@ -214,7 +208,7 @@ in
|
||||||
services = {
|
services = {
|
||||||
syncthing = {
|
syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autostart = false;
|
home = "${services-root}/syncthing/aires";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
# Script to unlock the /storage partition and start up services that depend on it.
|
|
||||||
|
|
||||||
# check if the current user is root
|
|
||||||
if [ "$(id -u)" != "0" ]; then
|
|
||||||
echo "This script must be run as root" 1>&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Unlock and mount storage directory if we haven't already
|
|
||||||
if [ -e "/dev/mapper/storage" ]; then
|
|
||||||
echo "Storage partition already mounted."
|
|
||||||
else
|
|
||||||
echo "Unlocking storage partition..."
|
|
||||||
cryptsetup luksOpen /dev/md/Sapana storage
|
|
||||||
mount /dev/mapper/storage /storage
|
|
||||||
echo "Storage partition mounted."
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Starting services..."
|
|
||||||
systemctl restart deluged.service delugeweb.service duplicacy-web.service forgejo.service jellyfin.service
|
|
||||||
systemctl --machine aires@.host --user start syncthing.service
|
|
||||||
systemctl restart nginx.service
|
|
||||||
echo "Services started. $(hostname) is ready to go!"
|
|
||||||
|
|
||||||
exit 0
|
|
|
@ -76,12 +76,7 @@ in
|
||||||
|
|
||||||
users.aires = {
|
users.aires = {
|
||||||
enable = true;
|
enable = true;
|
||||||
services = {
|
services.syncthing.enable = true;
|
||||||
syncthing = {
|
|
||||||
enable = true;
|
|
||||||
autostart = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
autostart = true;
|
home = "/home/aires/.config/syncthing";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -6,7 +6,6 @@ in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
aux.system.services.nginx = {
|
aux.system.services.nginx = {
|
||||||
autostart = lib.mkEnableOption "Whether to autostart Nginx at boot.";
|
|
||||||
enable = lib.mkEnableOption "Enable the Nginx web server.";
|
enable = lib.mkEnableOption "Enable the Nginx web server.";
|
||||||
|
|
||||||
virtualHosts = lib.mkOption {
|
virtualHosts = lib.mkOption {
|
||||||
|
@ -37,8 +36,5 @@ in
|
||||||
443
|
443
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Disable autostart if configured
|
|
||||||
systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,6 +20,19 @@ in
|
||||||
MAILADDR ${config.secrets.users.aires.email}
|
MAILADDR ${config.secrets.users.aires.email}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# Auto-unlock RAID array with a key file
|
||||||
|
environment.etc."crypttab".text = ''
|
||||||
|
storage /dev/md/Sapana ${config.secrets.devices.storage.keyFile.path} nofail,keyfile-timeout=5s
|
||||||
|
'';
|
||||||
|
fileSystems."/storage" = {
|
||||||
|
device = "/dev/mapper/storage";
|
||||||
|
# Keep booting even if the array fails to unlock
|
||||||
|
options = [
|
||||||
|
"nofail"
|
||||||
|
"x-systemd.device-timeout=5s"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
# Automatically scrub the array monthly
|
# Automatically scrub the array monthly
|
||||||
systemd = {
|
systemd = {
|
||||||
services."raid-scrub" = {
|
services."raid-scrub" = {
|
||||||
|
|
|
@ -18,10 +18,10 @@ in
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = lib.mkEnableOption "Enables Syncthing";
|
enable = lib.mkEnableOption "Enables Syncthing";
|
||||||
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
|
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
|
||||||
autostart = lib.mkOption {
|
home = lib.mkOption {
|
||||||
default = true;
|
default = "${config.users.users.aires.home}/.config/syncthing";
|
||||||
type = lib.types.bool;
|
type = lib.types.str;
|
||||||
description = "Whether to auto-start Syncthing on boot";
|
description = "Where to store Syncthing's configuration files";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -135,15 +135,12 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--gui-address=0.0.0.0:8080"
|
"--gui-address=0.0.0.0:8080"
|
||||||
"--home=${config.users.users.aires.home}/.config/syncthing"
|
"--home=${cfg.services.syncthing.home}"
|
||||||
"--no-default-folder"
|
"--no-default-folder"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Override the default Syncthing settings so it doesn't start on boot
|
systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home;
|
||||||
systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
|
|
||||||
wantedBy = lib.mkForce { };
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
]
|
]
|
||||||
|
|
|
@ -17,10 +17,10 @@ in
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = lib.mkEnableOption "Enables Syncthing";
|
enable = lib.mkEnableOption "Enables Syncthing";
|
||||||
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
|
enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
|
||||||
autostart = lib.mkOption {
|
home = lib.mkOption {
|
||||||
default = true;
|
default = "${config.users.users.gremlin.home}/.config/syncthing";
|
||||||
type = lib.types.bool;
|
type = lib.types.str;
|
||||||
description = "Whether to auto-start Syncthing on boot";
|
description = "Where to store Syncthing's configuration files";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -126,15 +126,12 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--gui-address=0.0.0.0:8081"
|
"--gui-address=0.0.0.0:8081"
|
||||||
"--home=${config.users.users.gremlin.home}/.config/syncthing"
|
"--home=${cfg.services.syncthing.home}"
|
||||||
"--no-default-folder"
|
"--no-default-folder"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Override the default Syncthing settings so it doesn't start on boot
|
systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home;
|
||||||
systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
|
|
||||||
wantedBy = lib.mkForce { };
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
|
|
2
secrets
2
secrets
|
@ -1 +1 @@
|
||||||
Subproject commit 25576ffa753b96e2289380feb81d3ed82e00cbc7
|
Subproject commit 2e559fbe36dc49c3ea63cc9856b899eb9269950f
|
Loading…
Reference in a new issue