Modules: Fix autostarting services

2024-07-02 14:40:49 -04:00 · 2024-07-02 14:40:49 -04:00 · fa6157c228
parent c1308f9ef4
commit fa6157c228
4 changed files with 156 additions and 137 deletions
--- a/modules/services/airsonic.nix
+++ b/modules/services/airsonic.nix
@ -32,37 +32,41 @@ in
    };
  };
-  config = lib.mkIf cfg.enable {
+  config = lib.mkMerge [
-    aux.system.users.media.enable = true;
+    (lib.mkIf cfg.enable {
-    users.users.airsonic.extraGroups = [ "media" ];
+      aux.system.users.media.enable = true;
      users.users.airsonic.extraGroups = [ "media" ];
-    services = {
+      services = {
-      nginx.virtualHosts."${cfg.url}" = {
+        nginx.virtualHosts."${cfg.url}" = {
-        useACMEHost = cfg.domain;
+          useACMEHost = cfg.domain;
-        forceSSL = true;
+          forceSSL = true;
-        locations."/" = {
+          locations."/" = {
-          proxyPass = "http://127.0.0.1:4040";
+            proxyPass = "http://127.0.0.1:4040";
-          proxyWebsockets = true;
+            proxyWebsockets = true;
-          extraConfig = "proxy_ssl_server_name on;";
+            extraConfig = "proxy_ssl_server_name on;";
          };
        };
        airsonic = {
          enable = true;
          war = "${
            (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
          }/webapps/airsonic.war";
          port = 4040;
          jre = pkgs.jdk17;
          jvmOptions = [
            "-Dserver.use-forward-headers=true"
            "-Xmx4G" # Increase Java heap size to 4GB
          ];
        } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
      };
-      airsonic = {
+      systemd.services.nginx.wants = [ config.systemd.services.airsonic.name ];
-        enable = true;
+    })
-        war = "${
+    (lib.mkIf (!cfg.autostart) {
-          (pkgs.callPackage ../../packages/airsonic-advanced.nix { inherit lib; })
+      # Disable autostart if needed
-        }/webapps/airsonic.war";
+      systemd.services.airsonic.wantedBy = lib.mkForce [ ];
-        port = 4040;
+    })
-        jre = pkgs.jdk17;
+  ];
        jvmOptions = [
          "-Dserver.use-forward-headers=true"
          "-Xmx4G" # Increase Java heap size to 4GB
        ];
      } // lib.optionalAttrs (cfg.home != "") { home = cfg.home; };
    };
    systemd.services = {
      nginx.wants = [ config.systemd.services.airsonic.name ];
    } // lib.optionalAttrs (!cfg.autostart) { airsonic.wantedBy = lib.mkForce [ ]; };
  };
 }
--- a/modules/services/duplicacy-web.nix
+++ b/modules/services/duplicacy-web.nix
@ -28,31 +28,39 @@ rec {
    };
  };
-  config = mkIf cfg.enable {
+  config = lib.mkMerge [
-    nixpkgs.config.allowUnfree = true;
+    (lib.mkIf cfg.enable {
-    environment.systemPackages = [ duplicacy-web ];
+      nixpkgs.config.allowUnfree = true;
      environment.systemPackages = [ duplicacy-web ];
-    networking.firewall.allowedTCPPorts = [ 3875 ];
+      networking.firewall.allowedTCPPorts = [ 3875 ];
-    # Install systemd service.
+      # Install systemd service.
-    systemd.services."duplicacy-web" = {
+      systemd.services."duplicacy-web" = {
-      enable = true;
+        enable = true;
-      wants = [ "network-online.target" ];
+        wants = [ "network-online.target" ];
-      after = [
+        after = [
-        "syslog.target"
+          "syslog.target"
-        "network-online.target"
+          "network-online.target"
-      ];
+        ];
-      description = "Start the Duplicacy backup service and web UI";
+        description = "Start the Duplicacy backup service and web UI";
-      serviceConfig = {
+        serviceConfig = {
-        Type = "simple";
+          Type = "simple";
-        ExecStart = ''${duplicacy-web}/duplicacy-web'';
+          ExecStart = ''${duplicacy-web}/duplicacy-web'';
-        Restart = "on-failure";
+          Restart = "on-failure";
-        RestartSrc = 10;
+          RestartSrc = 10;
-        KillMode = "process";
+          KillMode = "process";
        };
        environment = {
          HOME = cfg.environment;
        };
      };
-      environment = {
+    })
-        HOME = cfg.environment;
+
-      };
+    (lib.mkIf (!cfg.autostart) {
-    } // optionalAttrs cfg.autostart { wantedBy = [ "multi-user.target" ]; }; # Start at boot if autostart is enabled.
+      # Disable autostart if needed
-  };
+      systemd.services.duplicacy-web.wantedBy = lib.mkForce [ ];
    })
  ];
 }
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -55,77 +55,81 @@ in
    };
  };
-  config = lib.mkIf cfg.enable {
+  config = lib.mkMerge [
-    environment.systemPackages = [
+    (lib.mkIf cfg.enable {
-      forgejo-cli
+      environment.systemPackages = [
-      pkgs.podman-tui
+        forgejo-cli
-    ];
+        pkgs.podman-tui
-    services = {
+      ];
-      forgejo = {
+      services = {
-        enable = true;
+        forgejo = {
        settings.server = {
          DOMAIN = cfg.domain;
          ROOT_URL = cfg.url;
          HTTP_PORT = 3000;
        };
        useWizard = true;
      } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
      nginx.virtualHosts."${cfg.url}" = {
        useACMEHost = cfg.domain;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:3000";
          proxyWebsockets = true;
          extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
        };
      };
      # Enable runner for CI actions
      gitea-actions-runner = lib.mkIf cfg.actions.enable {
        package = pkgs.forgejo-actions-runner;
        instances.default = {
          enable = true;
-          name = config.networking.hostName;
+          settings.server = {
-          url = cfg.url;
+            DOMAIN = cfg.domain;
-          token = cfg.actions.token;
+            ROOT_URL = cfg.url;
-          labels = [
+            HTTP_PORT = 3000;
-            "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
+          };
-            "debian:docker://node:20-bullseye"
+          useWizard = true;
-            "ubuntu-latest:docker://ubuntu:latest"
+        } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
-          ];
+
-          settings = {
+        nginx.virtualHosts."${cfg.url}" = {
-            # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
+          useACMEHost = cfg.domain;
-            # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
+          forceSSL = true;
-            container.options = "-v /nix:/nix";
+          locations."/" = {
-            container.validVolumes = [ "/nix" ];
+            proxyPass = "http://127.0.0.1:3000";
            proxyWebsockets = true;
            extraConfig = "proxy_ssl_server_name on;"; # required when the target is also TLS server with multiple hosts
          };
        };
        # Enable runner for CI actions
        gitea-actions-runner = lib.mkIf cfg.actions.enable {
          package = pkgs.forgejo-actions-runner;
          instances.default = {
            enable = true;
            name = config.networking.hostName;
            url = cfg.url;
            token = cfg.actions.token;
            labels = [
              "nix:docker://nixos/nix" # Shoutout to Icewind 1991 for this syntax: https://icewind.nl/entry/gitea-actions-nix/
              "debian:docker://node:20-bullseye"
              "ubuntu-latest:docker://ubuntu:latest"
            ];
            settings = {
              # For an example of configuring in Nix: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
              # For an example of the different options available: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
              container.options = "-v /nix:/nix";
              container.validVolumes = [ "/nix" ];
            };
          };
        };
      };
    };
-    systemd.services = {
+      systemd.services.nginx.wants = [ config.systemd.services.forgejo.name ];
      nginx.wants = [ config.systemd.services.forgejo.name ];
    } // lib.optionalAttrs (!cfg.autostart) { forgejo.wantedBy = lib.mkForce [ ]; };
-    # Enable Podman for running...uh, runners.
+      # Enable Podman for running...uh, runners.
-    virtualisation = lib.mkIf cfg.actions.enable {
+      virtualisation = lib.mkIf cfg.actions.enable {
-      containers.enable = true;
+        containers.enable = true;
-      podman = {
+        podman = {
-        enable = true;
+          enable = true;
-        # Create a `docker` alias for podman, to use it as a drop-in replacement
+          # Create a `docker` alias for podman, to use it as a drop-in replacement
-        dockerCompat = true;
+          dockerCompat = true;
-        # Required for containers under podman-compose to be able to talk to each other.
+          # Required for containers under podman-compose to be able to talk to each other.
-        defaultNetwork.settings.dns_enabled = true;
+          defaultNetwork.settings.dns_enabled = true;
        };
      };
    };
-    # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
+      # Allow containers to make DNS queries (https://www.reddit.com/r/NixOS/comments/199f16j/why_dont_my_podman_containers_have_internet_access/)
-    networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
+      networking.firewall.interfaces.podman4 = lib.mkIf cfg.actions.enable {
-      allowedTCPPorts = [ 53 ];
+        allowedTCPPorts = [ 53 ];
-      allowedUDPPorts = [ 53 ];
+        allowedUDPPorts = [ 53 ];
-    };
+      };
-  };
+    })
    (lib.mkIf (!cfg.autostart) {
      # Disable autostart if needed
      systemd.services.forgejo.wantedBy = lib.mkForce [ ];
    })
  ];
 }
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -17,28 +17,31 @@ in
    };
  };
-  config = lib.mkIf cfg.enable {
+  config = lib.mkMerge [
-    services.nginx = {
+    (lib.mkIf cfg.enable {
-      enable = true;
+      services.nginx = {
        enable = true;
-      # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
+        # Use recommended settings per https://nixos.wiki/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
-      recommendedGzipSettings = true;
+        recommendedGzipSettings = true;
-      recommendedOptimisation = true;
+        recommendedOptimisation = true;
-      recommendedTlsSettings = true;
+        recommendedTlsSettings = true;
-      virtualHosts = cfg.virtualHosts;
+        virtualHosts = cfg.virtualHosts;
-    };
+      };
-    # Open ports
+      # Open ports
-    networking.firewall = {
+      networking.firewall = {
-      enable = true;
+        enable = true;
-      allowedTCPPorts = [
+        allowedTCPPorts = [
-        80
+          80
-        443
+          443
-      ];
+        ];
-    };
+      };
-
+    })
-    # Disable autostart if needed
+    (lib.mkIf (!cfg.autostart) {
-    systemd.services.nginx.wantedBy = lib.mkIf (!cfg.autostart) [ ];
+      # Disable autostart if needed
-  };
+      systemd.services.nginx.wantedBy = lib.mkForce [ ];
    })
  ];
 }