Modules: Fix autostarting services

2024-07-02 14:40:49 -04:00 · 2024-07-02 14:40:49 -04:00 · fa6157c228
parent c1308f9ef4
commit fa6157c228
4 changed files with 156 additions and 137 deletions
--- a/modules/services/airsonic.nix
+++ b/modules/services/airsonic.nix
@ -32,37 +32,41 @@ in
    };
  };

-  config = lib.mkIf cfg.enable {
-    aux.system.users.media.enable = true;
-    users.users.airsonic.extraGroups = [ "media" ];
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      aux.system.users.media.enable = true;
+      users.users.airsonic.extraGroups = [ "media" ];

-    services = {
-      nginx.virtualHosts."${cfg.url}" = {
-        useACMEHost = cfg.domain;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:4040";
-          proxyWebsockets = true;
-          extraConfig = "proxy_ssl_server_name on;";
+      services = {
+        nginx.virtualHosts."${cfg.url}" = {
+          useACMEHost = cfg.domain;
+          forceSSL = true;
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:4040";
+            proxyWebsockets = true;
+            extraConfig = "proxy_ssl_server_name on;";
+          };
        };
+
+        airsonic = {
+          enable = true;
+          war = "${
+            (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
+          }/webapps/airsonic.war";
+          port = 4040;
+          jre = pkgs.jdk17;
+          jvmOptions = [
+            "-Dserver.use-forward-headers=true"
+            "-Xmx4G" # Increase Java heap size to 4GB
+          ];
+        } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
      };

-      airsonic = {
-        enable = true;
-        war = "${
-          (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
-        }/webapps/airsonic.war";
-        port = 4040;
-        jre = pkgs.jdk17;
-        jvmOptions = [
-          "-Dserver.use-forward-headers=true"
-          "-Xmx4G" # Increase Java heap size to 4GB
-        ];
-      } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
-    };
-
-    systemd.services = {
-      nginx.wants = [ config.systemd.services.airsonic.name ];
-    } // lib.optionalAttrs (!cfg.autostart) { airsonic.wantedBy = lib.mkForce [ ]; };
-  };
+      systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
+    })
+    (lib.mkIf (!cfg.autostart) {
+      # Disable autostart if needed
+      systemd.services.airsonic.wantedBy = lib.mkForce [ ];
+    })
+  ];
 }
--- a/modules/services/duplicacy-web.nix
+++ b/modules/services/duplicacy-web.nix
@ -28,31 +28,39 @@ rec {
    };
  };

-  config = mkIf cfg.enable {
-    nixpkgs.config.allowUnfree = true;
-    environment.systemPackages = [ duplicacy-web ];
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      nixpkgs.config.allowUnfree = true;
+      environment.systemPackages = [ duplicacy-web ];

-    networking.firewall.allowedTCPPorts = [ 3875 ];
+      networking.firewall.allowedTCPPorts = [ 3875 ];

-    # Install systemd service.
-    systemd.services."duplicacy-web" = {
-      enable = true;
-      wants = [ "network-online.target" ];
-      after = [
-        "syslog.target"
-        "network-online.target"
-      ];
-      description = "Start the Duplicacy backup service and web UI";
-      serviceConfig = {
-        Type = "simple";
-        ExecStart = ''${duplicacy-web}/duplicacy-web'';
-        Restart = "on-failure";
-        RestartSrc = 10;
-        KillMode = "process";
+      # Install systemd service.
+      systemd.services."duplicacy-web" = {
+        enable = true;
+        wants = [ "network-online.target" ];
+        after = [
+          "syslog.target"
+          "network-online.target"
+        ];
+        description = "Start the Duplicacy backup service and web UI";
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = ''${duplicacy-web}/duplicacy-web'';
+          Restart = "on-failure";
+          RestartSrc = 10;
+          KillMode = "process";
+        };
+        environment = {
+          HOME = cfg.environment;
+        };
      };
-      environment = {
-        HOME = cfg.environment;
-      };
-    } // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled.
-  };
+    })
+
+    (lib.mkIf (!cfg.autostart) {
+      # Disable autostart if needed
+      systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ];
+    })
+  ];
+
 }
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -55,77 +55,81 @@ in
    };
  };

-  config = lib.mkIf cfg.enable {
-    environment.systemPackages = [
-      forgejo-cli
-      pkgs.podman-tui
-    ];
-    services = {
-      forgejo = {
-        enable = true;
-        settings.server = {
-          DOMAIN = cfg.domain;
-          ROOT_URL = cfg.url;
-          HTTP_PORT = 3000;
-        };
-        useWizard = true;
-      } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
-
-      nginx.virtualHosts."${cfg.url}" = {
-        useACMEHost = cfg.domain;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:3000";
-          proxyWebsockets = true;
-          extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
-        };
-      };
-
-      # Enable runner for CI actions
-      gitea-actions-runner = lib.mkIf cfg.actions.enable {
-        package = pkgs.forgejo-actions-runner;
-        instances.default = {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      environment.systemPackages = [
+        forgejo-cli
+        pkgs.podman-tui
+      ];
+      services = {
+        forgejo = {
          enable = true;
-          name = config.networking.hostName;
-          url = cfg.url;
-          token = cfg.actions.token;
-          labels = [
-            "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
-            "debian:docker://node:20-bullseye"
-            "ubuntu-latest:docker://ubuntu:latest"
-          ];
-          settings = {
-            # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
-            # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
-            container.options = "-v /nix:/nix";
-            container.validVolumes = [ "/nix" ];
+          settings.server = {
+            DOMAIN = cfg.domain;
+            ROOT_URL = cfg.url;
+            HTTP_PORT = 3000;
+          };
+          useWizard = true;
+        } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
+
+        nginx.virtualHosts."${cfg.url}" = {
+          useACMEHost = cfg.domain;
+          forceSSL = true;
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:3000";
+            proxyWebsockets = true;
+            extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
+          };
+        };
+
+        # Enable runner for CI actions
+        gitea-actions-runner = lib.mkIf cfg.actions.enable {
+          package = pkgs.forgejo-actions-runner;
+          instances.default = {
+            enable = true;
+            name = config.networking.hostName;
+            url = cfg.url;
+            token = cfg.actions.token;
+            labels = [
+              "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
+              "debian:docker://node:20-bullseye"
+              "ubuntu-latest:docker://ubuntu:latest"
+            ];
+            settings = {
+              # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
+              # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
+              container.options = "-v /nix:/nix";
+              container.validVolumes = [ "/nix" ];
+            };
          };
        };
      };
-    };

-    systemd.services = {
-      nginx.wants = [ config.systemd.services.forgejo.name ];
-    } // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
+      systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];

-    # Enable Podman for running...uh, runners.
-    virtualisation = lib.mkIf cfg.actions.enable {
-      containers.enable = true;
-      podman = {
-        enable = true;
+      # Enable Podman for running...uh, runners.
+      virtualisation = lib.mkIf cfg.actions.enable {
+        containers.enable = true;
+        podman = {
+          enable = true;

-        # Create a `docker` alias for podman, to use it as a drop-in replacement
-        dockerCompat = true;
+          # Create a `docker` alias for podman, to use it as a drop-in replacement
+          dockerCompat = true;

-        # Required for containers under podman-compose to be able to talk to each other.
-        defaultNetwork.settings.dns_enabled = true;
+          # Required for containers under podman-compose to be able to talk to each other.
+          defaultNetwork.settings.dns_enabled = true;
+        };
      };
-    };

-    # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
-    networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
-      allowedTCPPorts = [ 53 ];
-      allowedUDPPorts = [ 53 ];
-    };
-  };
+      # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
+      networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
+        allowedTCPPorts = [ 53 ];
+        allowedUDPPorts = [ 53 ];
+      };
+    })
+    (lib.mkIf (!cfg.autostart) {
+      # Disable autostart if needed
+      systemd.services.forgejo.wantedBy = lib.mkForce [ ];
+    })
+  ];
 }
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -17,28 +17,31 @@ in
    };
  };

-  config = lib.mkIf cfg.enable {
-    services.nginx = {
-      enable = true;
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      services.nginx = {
+        enable = true;

-      # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedTlsSettings = true;
+        # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedTlsSettings = true;

-      virtualHosts = cfg.virtualHosts;
-    };
+        virtualHosts = cfg.virtualHosts;
+      };

-    # Open ports
-    networking.firewall = {
-      enable = true;
-      allowedTCPPorts = [
-        80
-        443
-      ];
-    };
-
-    # Disable autostart if needed
-    systemd.services.nginx.wantedBy = lib.mkIf (!cfg.autostart) [ ];
-  };
+      # Open ports
+      networking.firewall = {
+        enable = true;
+        allowedTCPPorts = [
+          80
+          443
+        ];
+      };
+    })
+    (lib.mkIf (!cfg.autostart) {
+      # Disable autostart if needed
+      systemd.services.nginx.wantedBy = lib.mkForce [ ];
+    })
+  ];
 }