Modules: Tweak fever dream merging for autostart attribute

2024-07-02 16:19:15 -04:00 · 2024-07-02 16:19:15 -04:00 · 84885450a2
parent 20212e406c
commit 84885450a2
4 changed files with 137 additions and 156 deletions
--- a/modules/services/airsonic.nix
+++ b/modules/services/airsonic.nix
@ -32,41 +32,37 @@ in
    };
  };

-  config = lib.mkMerge [
-    (lib.mkIf cfg.enable {
-      aux.system.users.media.enable = true;
-      users.users.airsonic.extraGroups = [ "media" ];
+  config = lib.mkIf cfg.enable {
+    aux.system.users.media.enable = true;
+    users.users.airsonic.extraGroups = [ "media" ];

-      services = {
-        nginx.virtualHosts."${cfg.url}" = {
-          useACMEHost = cfg.domain;
-          forceSSL = true;
-          locations."/" = {
-            proxyPass = "http://127.0.0.1:4040";
-            proxyWebsockets = true;
-            extraConfig = "proxy_ssl_server_name on;";
-          };
+    services = {
+      nginx.virtualHosts."${cfg.url}" = {
+        useACMEHost = cfg.domain;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:4040";
+          proxyWebsockets = true;
+          extraConfig = "proxy_ssl_server_name on;";
        };
-
-        airsonic = {
-          enable = true;
-          war = "${
-            (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
-          }/webapps/airsonic.war";
-          port = 4040;
-          jre = pkgs.jdk17;
-          jvmOptions = [
-            "-Dserver.use-forward-headers=true"
-            "-Xmx4G" # Increase Java heap size to 4GB
-          ];
-        } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
      };

-      systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
-    })
-    (lib.mkIf (!cfg.autostart) {
-      # Disable autostart if needed
-      systemd.services.airsonic.wantedBy = lib.mkForce [ ];
-    })
-  ];
+      airsonic = {
+        enable = true;
+        war = "${
+          (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
+        }/webapps/airsonic.war";
+        port = 4040;
+        jre = pkgs.jdk17;
+        jvmOptions = [
+          "-Dserver.use-forward-headers=true"
+          "-Xmx4G" # Increase Java heap size to 4GB
+        ];
+      } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
+    };
+
+    systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
+    # Disable autostart if configured
+    systemd.services.airsonic = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
+  };
 }
--- a/modules/services/duplicacy-web.nix
+++ b/modules/services/duplicacy-web.nix
@ -28,39 +28,31 @@ rec {
    };
  };

-  config = lib.mkMerge [
-    (lib.mkIf cfg.enable {
-      nixpkgs.config.allowUnfree = true;
-      environment.systemPackages = [ duplicacy-web ];
+  config = lib.mkIf cfg.enable {
+    nixpkgs.config.allowUnfree = true;
+    environment.systemPackages = [ duplicacy-web ];

-      networking.firewall.allowedTCPPorts = [ 3875 ];
+    networking.firewall.allowedTCPPorts = [ 3875 ];

-      # Install systemd service.
-      systemd.services."duplicacy-web" = {
-        enable = true;
-        wants = [ "network-online.target" ];
-        after = [
-          "syslog.target"
-          "network-online.target"
-        ];
-        description = "Start the Duplicacy backup service and web UI";
-        serviceConfig = {
-          Type = "simple";
-          ExecStart = ''${duplicacy-web}/duplicacy-web'';
-          Restart = "on-failure";
-          RestartSrc = 10;
-          KillMode = "process";
-        };
-        environment = {
-          HOME = cfg.environment;
-        };
+    # Install systemd service.
+    systemd.services.duplicacy-web = {
+      enable = true;
+      wants = [ "network-online.target" ];
+      after = [
+        "syslog.target"
+        "network-online.target"
+      ];
+      description = "Start the Duplicacy backup service and web UI";
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = ''${duplicacy-web}/duplicacy-web'';
+        Restart = "on-failure";
+        RestartSrc = 10;
+        KillMode = "process";
      };
-    })
-
-    (lib.mkIf (!cfg.autostart) {
-      # Disable autostart if needed
-      systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ];
-    })
-  ];
-
+      environment = {
+        HOME = cfg.environment;
+      };
+    } // lib.optionalAttrs (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
+  };
 }
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -55,81 +55,77 @@ in
    };
  };

-  config = lib.mkMerge [
-    (lib.mkIf cfg.enable {
-      environment.systemPackages = [
-        forgejo-cli
-        pkgs.podman-tui
-      ];
-      services = {
-        forgejo = {
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = [
+      forgejo-cli
+      pkgs.podman-tui
+    ];
+    services = {
+      forgejo = {
+        enable = true;
+        settings.server = {
+          DOMAIN = cfg.domain;
+          ROOT_URL = cfg.url;
+          HTTP_PORT = 3000;
+        };
+        useWizard = true;
+      } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
+
+      nginx.virtualHosts."${cfg.url}" = {
+        useACMEHost = cfg.domain;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:3000";
+          proxyWebsockets = true;
+          extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
+        };
+      };
+
+      # Enable runner for CI actions
+      gitea-actions-runner = lib.mkIf cfg.actions.enable {
+        package = pkgs.forgejo-actions-runner;
+        instances.default = {
          enable = true;
-          settings.server = {
-            DOMAIN = cfg.domain;
-            ROOT_URL = cfg.url;
-            HTTP_PORT = 3000;
-          };
-          useWizard = true;
-        } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
-
-        nginx.virtualHosts."${cfg.url}" = {
-          useACMEHost = cfg.domain;
-          forceSSL = true;
-          locations."/" = {
-            proxyPass = "http://127.0.0.1:3000";
-            proxyWebsockets = true;
-            extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
-          };
-        };
-
-        # Enable runner for CI actions
-        gitea-actions-runner = lib.mkIf cfg.actions.enable {
-          package = pkgs.forgejo-actions-runner;
-          instances.default = {
-            enable = true;
-            name = config.networking.hostName;
-            url = cfg.url;
-            token = cfg.actions.token;
-            labels = [
-              "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
-              "debian:docker://node:20-bullseye"
-              "ubuntu-latest:docker://ubuntu:latest"
-            ];
-            settings = {
-              # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
-              # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
-              container.options = "-v /nix:/nix";
-              container.validVolumes = [ "/nix" ];
-            };
+          name = config.networking.hostName;
+          url = cfg.url;
+          token = cfg.actions.token;
+          labels = [
+            "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
+            "debian:docker://node:20-bullseye"
+            "ubuntu-latest:docker://ubuntu:latest"
+          ];
+          settings = {
+            # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
+            # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
+            container.options = "-v /nix:/nix";
+            container.validVolumes = [ "/nix" ];
          };
        };
      };
+    };

-      systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
+    systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];

-      # Enable Podman for running...uh, runners.
-      virtualisation = lib.mkIf cfg.actions.enable {
-        containers.enable = true;
-        podman = {
-          enable = true;
+    # Enable Podman for running...uh, runners.
+    virtualisation = lib.mkIf cfg.actions.enable {
+      containers.enable = true;
+      podman = {
+        enable = true;

-          # Create a `docker` alias for podman, to use it as a drop-in replacement
-          dockerCompat = true;
+        # Create a `docker` alias for podman, to use it as a drop-in replacement
+        dockerCompat = true;

-          # Required for containers under podman-compose to be able to talk to each other.
-          defaultNetwork.settings.dns_enabled = true;
-        };
+        # Required for containers under podman-compose to be able to talk to each other.
+        defaultNetwork.settings.dns_enabled = true;
      };
+    };

-      # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
-      networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
-        allowedTCPPorts = [ 53 ];
-        allowedUDPPorts = [ 53 ];
-      };
-    })
-    (lib.mkIf (!cfg.autostart) {
-      # Disable autostart if needed
-      systemd.services.forgejo.wantedBy = lib.mkForce [ ];
-    })
-  ];
+    # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
+    networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
+      allowedTCPPorts = [ 53 ];
+      allowedUDPPorts = [ 53 ];
+    };
+    # Disable autostart if configured
+    systemd.services.forgejo = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
+  };
 }
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -17,31 +17,28 @@ in
    };
  };

-  config = lib.mkMerge [
-    (lib.mkIf cfg.enable {
-      services.nginx = {
-        enable = true;
+  config = lib.mkIf cfg.enable {
+    services.nginx = {
+      enable = true;

-        # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
-        recommendedGzipSettings = true;
-        recommendedOptimisation = true;
-        recommendedTlsSettings = true;
+      # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;

-        virtualHosts = cfg.virtualHosts;
-      };
+      virtualHosts = cfg.virtualHosts;
+    };

-      # Open ports
-      networking.firewall = {
-        enable = true;
-        allowedTCPPorts = [
-          80
-          443
-        ];
-      };
-    })
-    (lib.mkIf (!cfg.autostart) {
-      # Disable autostart if needed
-      systemd.services.nginx.wantedBy = lib.mkForce [ ];
-    })
-  ];
+    # Open ports
+    networking.firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        80
+        443
+      ];
+    };
+
+    # Disable autostart if configured
+    systemd.services.nginx = lib.mkIf (!cfg.autostart) { wantedBy = lib.mkForce [ ]; };
+  };
 }