Services: use 'requiresMountFor' with Syncthing

flake.lock

@@ -297,11 +297,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1725407940,
-        "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=",
+        "lastModified": 1725693463,
+        "narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3",
+        "rev": "68e7dce0a6532e876980764167ad158174402c6f",
         "type": "github"
       },
       "original": {
@@ -378,11 +378,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1725641701,
-        "narHash": "sha256-bTnYSs06iwnS6a1jYLpwjwVpFcP/iDs/6q5gnFcO+sQ=",
+        "lastModified": 1725813930,
+        "narHash": "sha256-UxqJm3MlHVrPofm/4Z1dR9Xpo49Xc0HGQ/Mg/bQ5oqI=",
         "ref": "refs/heads/main",
-        "rev": "25576ffa753b96e2289380feb81d3ed82e00cbc7",
-        "revCount": 68,
+        "rev": "2e559fbe36dc49c3ea63cc9856b899eb9269950f",
+        "revCount": 69,
         "type": "git",
         "url": "file:./secrets"
       },

hosts/Dimaga/default.nix

@@ -170,7 +170,6 @@ in
       };
       nginx = {
         enable = true;
-        autostart = false;
         virtualHosts = {
           "${config.secrets.networking.domains.primary}" = {
             default = true;
@@ -219,7 +218,7 @@ in
       services = {
         syncthing = {
           enable = true;
-          autostart = false;
+          home = "${services-root}/syncthing/aires";
         };
       };
     };

hosts/Hevana/default.nix

@@ -7,8 +7,6 @@ let
 
   # Where to store service files
   services-root = "/storage/services";
-  # Script to start services
-  start-services = pkgs.writeShellScriptBin "start-services" (builtins.readFile ./start-services.sh);
 
   # Credentials for interacting with the Namecheap API
   namecheapCredentials = {
@@ -83,9 +81,6 @@ in
     # Enable GPU support.
     gpu.amd.enable = true;
 
-    # Install script to get the system up and running after boot.
-    packages = [ start-services ];
-
     # Enable support for primary RAID array
     raid.storage.enable = true;
 
@@ -168,7 +163,6 @@ in
       };
       nginx = {
         enable = true;
-        autostart = false;
         virtualHosts = {
           "${config.secrets.networking.domains.primary}" = {
             default = true;
@@ -214,7 +208,7 @@ in
       services = {
         syncthing = {
           enable = true;
-          autostart = false;
+          home = "${services-root}/syncthing/aires";
         };
       };
     };

hosts/Hevana/start-services.sh

@@ -1,26 +0,0 @@
-#!/bin/sh
-# Script to unlock the /storage partition and start up services that depend on it.
-
-# check if the current user is root
-if [ "$(id -u)" != "0" ]; then
-   echo "This script must be run as root" 1>&2
-   exit 1
-fi
-
-# Unlock and mount storage directory if we haven't already
-if [ -e "/dev/mapper/storage" ]; then
-	echo "Storage partition already mounted."
-else
-	echo "Unlocking storage partition..."
-	cryptsetup luksOpen /dev/md/Sapana storage
-	mount /dev/mapper/storage /storage
-	echo "Storage partition mounted."
-fi
-
-echo "Starting services..."
-systemctl restart deluged.service delugeweb.service duplicacy-web.service forgejo.service jellyfin.service
-systemctl --machine aires@.host --user start syncthing.service
-systemctl restart nginx.service
-echo "Services started. $(hostname) is ready to go!"
-
-exit 0

hosts/Khanda/default.nix

@@ -76,12 +76,7 @@ in
 
     users.aires = {
       enable = true;
-      services = {
-        syncthing = {
-          enable = true;
-          autostart = true;
-        };
-      };
+      services.syncthing.enable = true;
     };
   };
 

hosts/configuration.nix.template

@@ -34,7 +34,7 @@ in
       enable = true;
       services.syncthing = {
         enable = true;
-        autostart = true;
+        home = "/home/aires/.config/syncthing";
       };
     };
   };

modules/services/nginx.nix

@@ -6,7 +6,6 @@ in
 {
   options = {
     aux.system.services.nginx = {
-      autostart = lib.mkEnableOption "Whether to autostart Nginx at boot.";
       enable = lib.mkEnableOption "Enable the Nginx web server.";
 
       virtualHosts = lib.mkOption {
@@ -37,8 +36,5 @@ in
         443
       ];
     };
-
-    # Disable autostart if configured
-    systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
   };
 }

modules/system/raid.nix

@@ -20,6 +20,19 @@ in
         MAILADDR ${config.secrets.users.aires.email}
       '';
 
+      # Auto-unlock RAID array with a key file
+      environment.etc."crypttab".text = ''
+        storage /dev/md/Sapana ${config.secrets.devices.storage.keyFile.path} nofail,keyfile-timeout=5s
+      '';
+      fileSystems."/storage" = {
+        device = "/dev/mapper/storage";
+        # Keep booting even if the array fails to unlock
+        options = [
+          "nofail"
+          "x-systemd.device-timeout=5s"
+        ];
+      };
+
       # Automatically scrub the array monthly
       systemd = {
         services."raid-scrub" = {

modules/users/aires/default.nix

@@ -18,10 +18,10 @@ in
       services.syncthing = {
         enable = lib.mkEnableOption "Enables Syncthing";
         enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
-        autostart = lib.mkOption {
-          default = true;
-          type = lib.types.bool;
-          description = "Whether to auto-start Syncthing on boot";
+        home = lib.mkOption {
+          default = "${config.users.users.aires.home}/.config/syncthing";
+          type = lib.types.str;
+          description = "Where to store Syncthing's configuration files";
         };
       };
     };
@@ -135,15 +135,12 @@ in
             enable = true;
             extraOptions = [
               "--gui-address=0.0.0.0:8080"
-              "--home=${config.users.users.aires.home}/.config/syncthing"
+              "--home=${cfg.services.syncthing.home}"
               "--no-default-folder"
             ];
           };
 
-          # Override the default Syncthing settings so it doesn't start on boot
-          systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
-            wantedBy = lib.mkForce { };
-          };
+          systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home;
         };
       })
     ]

modules/users/gremlin/default.nix

@@ -17,10 +17,10 @@ in
       services.syncthing = {
         enable = lib.mkEnableOption "Enables Syncthing";
         enableTray = lib.mkEnableOption "Enables the Syncthing Tray application";
-        autostart = lib.mkOption {
-          default = true;
-          type = lib.types.bool;
-          description = "Whether to auto-start Syncthing on boot";
+        home = lib.mkOption {
+          default = "${config.users.users.gremlin.home}/.config/syncthing";
+          type = lib.types.str;
+          description = "Where to store Syncthing's configuration files";
         };
       };
     };
@@ -126,15 +126,12 @@ in
           enable = true;
           extraOptions = [
             "--gui-address=0.0.0.0:8081"
-            "--home=${config.users.users.gremlin.home}/.config/syncthing"
+            "--home=${cfg.services.syncthing.home}"
             "--no-default-folder"
           ];
         };
 
-        # Override the default Syncthing settings so it doesn't start on boot
-        systemd.user.services."syncthing" = lib.mkIf (!cfg.services.syncthing.autostart) {
-          wantedBy = lib.mkForce { };
-        };
+        systemd.user.services."syncthing".unitConfig.requiresMountsFor = cfg.services.syncthing.home;
       };
     })
   ];

secrets

@@ -1 +1 @@
-Subproject commit 25576ffa753b96e2289380feb81d3ed82e00cbc7
+Subproject commit 2e559fbe36dc49c3ea63cc9856b899eb9269950f