fix nix flake check

2026-03-25 16:42:34 -05:00
parent 642cee5dc5
commit ccd413d273
28 changed files with 228 additions and 224 deletions
--- a/systems/x86_64-linux/jallen-nas/services.nix
+++ b/systems/x86_64-linux/jallen-nas/services.nix
@@ -7,12 +7,31 @@ let
  nasData = "/media/nas/main";
 in
 {
-  systemd.network.wait-online.enable = false;
-  # Force tailscaled to use nftables (Critical for clean nftables-only systems)
-  # This avoids the "iptables-compat" translation layer issues.
-  systemd.services.tailscaled.serviceConfig.Environment = [
-    "TS_DEBUG_FIREWALL_MODE=nftables"
-  ];
+  systemd = {
+    network.wait-online.enable = false;
+    services = {
+      # Force tailscaled to use nftables (Critical for clean nftables-only systems)
+      # This avoids the "iptables-compat" translation layer issues.
+      tailscaled.serviceConfig.Environment = [
+        "TS_DEBUG_FIREWALL_MODE=nftables"
+      ];
+      # Pre-create extensions and grant superuser-owned objects that the sparkyfitness
+      # role cannot manage itself.  Appended to postgresql-setup.service which already
+      # runs as the postgres superuser after the DB is confirmed ready.
+      #
+      # 1. pg_stat_statements requires superuser to CREATE EXTENSION.
+      # 2. The extension installs functions owned by the postgres superuser; the
+      #    sparkyfitness role cannot GRANT EXECUTE on objects it doesn't own, so we
+      #    pre-grant them here before the app's grantPermissions() runs.
+      postgresql-setup.script = lib.mkAfter ''
+        psql -d sparkyfitness -c "
+          CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+          GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO sparkyfitness;
+          GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA pg_catalog TO sparkyfitness;
+        "
+      '';
+    };
+  };
  networking.nftables.enable = true;
  boot.initrd.systemd.network.wait-online.enable = false;

@@ -168,19 +187,4 @@ in

  };

-  # Pre-create extensions and grant superuser-owned objects that the sparkyfitness
-  # role cannot manage itself.  Appended to postgresql-setup.service which already
-  # runs as the postgres superuser after the DB is confirmed ready.
-  #
-  # 1. pg_stat_statements requires superuser to CREATE EXTENSION.
-  # 2. The extension installs functions owned by the postgres superuser; the
-  #    sparkyfitness role cannot GRANT EXECUTE on objects it doesn't own, so we
-  #    pre-grant them here before the app's grantPermissions() runs.
-  systemd.services.postgresql-setup.script = lib.mkAfter ''
-    psql -d sparkyfitness -c "
-      CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
-      GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO sparkyfitness;
-      GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA pg_catalog TO sparkyfitness;
-    "
-  '';
 }