From fedba849a75c20847ae707494a9a17018c77f842 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Sun, 14 Dec 2025 22:47:51 -0600 Subject: [PATCH] mkModule migration begin --- lib/module/default.nix | 37 ++- modules/nixos/services/actual/default.nix | 19 +- modules/nixos/services/ai/default.nix | 120 ++++---- modules/nixos/services/ai/options.nix | 7 - modules/nixos/services/arrs/default.nix | 102 ++++--- .../nixos/services/arrs/default.nix.container | 261 ---------------- modules/nixos/services/arrs/options.nix | 112 ------- modules/nixos/services/attic/default.nix | 280 +++++++++--------- modules/nixos/services/attic/options.nix | 31 -- 9 files changed, 302 insertions(+), 667 deletions(-) delete mode 100644 modules/nixos/services/ai/options.nix delete mode 100755 modules/nixos/services/arrs/default.nix.container delete mode 100644 modules/nixos/services/arrs/options.nix delete mode 100644 modules/nixos/services/attic/options.nix diff --git a/lib/module/default.nix b/lib/module/default.nix index 7043425..4b00ad8 100644 --- a/lib/module/default.nix +++ b/lib/module/default.nix @@ -48,6 +48,12 @@ rec { reverseProxies = [ reverseProxyConfig ]; }; + # Open firewall + networking.firewall = lib.mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + allowedUDPPorts = [ cfg.port ]; + }; + users = lib.mkIf cfg.createUser { users.${name} = { isSystemUser = true; @@ -57,6 +63,19 @@ rec { groups.${name} = { }; }; + services = { + # postgresql = lib.mkIf cfg.configureDb { + # enable = true; + # ensureDatabases = [ name ]; + # ensureUsers = [ + # { + # name = name; + # ensureDBOwnership = true; + # } + # ]; + # }; + }; + systemd.tmpfiles.rules = [ "d ${cfg.configDir} 0700 ${name} ${name} - -" "d ${cfg.configDir}/server-files 0700 ${name} ${name} - -" 
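Review bot: The new `networking.firewall = lib.mkIf cfg.openFirewall { ... }` block opens `cfg.port` on both TCP and UDP for every consumer of mkModule, and the next hunk defaults `openFirewall` to true and `port` to 80, so modules that never set `port` (ai and arrs in this patch) now open 80/tcp and 80/udp on the host with nothing of theirs listening there, and attic, which does use `cfg.port`, lands on 80 instead of its former 9012. The HTTP-style services this lib wraps do not need UDP at all; default the option to opt-in (`openFirewall = mkBoolOpt false "Open the firewall";`) and drop `allowedUDPPorts = [ cfg.port ];` unless a specific module needs it. The commented-out `services.postgresql` block leaves `services = { };` as an empty placeholder; either wire `configureDb` up or remove the block until it is used. The `rec { ... }` that encloses this hunk starts before it.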
@@ -73,12 +92,26 @@ rec { port = mkOpt types.int 80 "Port for ${name} to be hosted on"; - configDir = mkOpt types.str "/media/nas/main/nix-app-data/${name}" "Path to the config dir"; + configDir = mkOpt types.str "/media/nas/main/nix-app-data" "Path to the config dir"; - dataDir = mkOpt types.str "/media/nas/main/${name}" "Path to the data dir"; + dataDir = mkOpt types.str "/media/nas/main" "Path to the data dir"; createUser = mkBoolOpt false "create a user for this module/service"; + configureDb = mkBoolOpt false "Manage db for this service"; + + environmentFile = mkOpt types.str "" "Environment File"; + + puid = mkOpt types.str "911" "default user id"; + + pgid = mkOpt types.str "1000" "default group id"; + + timeZone = mkOpt types.str "America/Chicago" "default timezone"; + + listenAddress = mkOpt types.str "0.0.0.0" "Environment File"; + + openFirewall = mkBoolOpt true "Open the firewall"; + reverseProxy = mkReverseProxyOpt; } // options; diff --git a/modules/nixos/services/actual/default.nix b/modules/nixos/services/actual/default.nix index 7268165..9cee9de 100644 --- a/modules/nixos/services/actual/default.nix +++ b/modules/nixos/services/actual/default.nix 
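Review bot: Changing the `configDir` default to the shared parent `/media/nas/main/nix-app-data` (and `dataDir` to `/media/nas/main`) collides with the `systemd.tmpfiles.rules` visible as context in the previous hunk, which still declare `d ${cfg.configDir} 0700 ${name} ${name} - -`; unless that rule is gated elsewhere, every module now claims the common parent directory with mode 0700 and its own owner, so the entries duplicate each other and the winning owner locks the other services out. Either keep `${name}` in the default or change the rules to `"d ${cfg.configDir}/${name} 0700 ${name} ${name} - -"` to match the `${cfg.configDir}/${name}` paths the actual module now builds. Separately, `listenAddress` carries the copy-pasted description `"Environment File"`, and `environmentFile` is now a `types.str` defaulting to `""` where the deleted attic options used `types.nullOr types.path` with `null`; the empty string flows straight into `services.atticd.environmentFile`, so `environmentFile = mkOpt (types.nullOr types.path) null "Environment file";` is the safer declaration.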
@@ -10,29 +10,29 @@ let name = "actual"; cfg = config.${namespace}.services.${name}; - actualConfig = lib.${namespace}.mkModule rec { - inherit name; + actualConfig = lib.${namespace}.mkModule { + inherit config name; description = "Actual Personal Finance Planner"; options = { }; moduleConfig = { services.actual = { enable = true; - openFirewall = true; + openFirewall = cfg.openFirewall; settings = { trustedProxies = [ config.${namespace}.network.ipv4.address ]; port = cfg.port; - configDir = cfg.configDir; - serverFiles = "${cfg.configDir}/server-files"; - userFiles = "${cfg.configDir}/user-files"; + configDir = "${cfg.configDir}/${name}"; + serverFiles = "${cfg.configDir}/${name}/server-files"; + userFiles = "${cfg.configDir}/${name}/user-files"; }; }; systemd.services = lib.mkIf cfg.createUser { actual = { - environment.ACTUAL_CONFIG_PATH = lib.mkForce "${cfg.configDir}/config.json"; + environment.ACTUAL_CONFIG_PATH = lib.mkForce "${cfg.configDir}/${name}/config.json"; serviceConfig = { - ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${cfg.configDir}/config.json"; - WorkingDirectory = lib.mkForce cfg.configDir; + ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${cfg.configDir}/${name}/config.json"; + WorkingDirectory = lib.mkForce "${cfg.configDir}/${name}"; StateDirectoryMode = lib.mkForce 700; DynamicUser = lib.mkForce false; ProtectSystem = lib.mkForce "full"; @@ -40,7 +40,6 @@ let }; }; }; - inherit config; }; in { diff --git a/modules/nixos/services/ai/default.nix b/modules/nixos/services/ai/default.nix index 8c3a4b3..cc8c88f 100755 --- a/modules/nixos/services/ai/default.nix +++ b/modules/nixos/services/ai/default.nix 
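Review bot: The config paths now all point under `${cfg.configDir}/${name}` (`configDir`, `serverFiles`, `userFiles`, `ACTUAL_CONFIG_PATH`, `WorkingDirectory`), but the lib hunk's `systemd.tmpfiles.rules` still create `${cfg.configDir}` and `${cfg.configDir}/server-files` one level up, so the directories actual-server really uses are no longer pre-created with `0700 actual actual` and get whatever mode the service creates them with. Either compute the per-service directory once in `let` and use it in both places, or align the tmpfiles rules to `${cfg.configDir}/${name}`. The mkModule call enclosing this hunk starts before it; the second hunk (moving `inherit config`) is fine.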
@@ -7,66 +7,74 @@ }: with lib; let - cfg = config.${namespace}.services.ai; -in -{ - imports = [ ./options.nix ]; + name = "ai"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - services.ollama = { - enable = true; - package = pkgs.stable.ollama-rocm; - port = 11434; - host = "0.0.0.0"; - user = "nix-apps"; - group = "jallen-nas"; - openFirewall = true; - rocmOverrideGfx = "11.0.2"; - loadModels = [ "mistral:instruct" ]; - home = "/media/nas/main/nix-app-data/ollama"; - }; + aiConfig = lib.${namespace}.mkModule { + inherit config name; + description = "AI Services"; + options = { }; + moduleConfig = { + services = { + ollama = { + enable = true; + package = pkgs.stable.ollama-rocm; + port = 11434; + host = "0.0.0.0"; + user = "nix-apps"; + group = "jallen-nas"; + openFirewall = cfg.openFirewall; + rocmOverrideGfx = "11.0.2"; + loadModels = [ "mistral:instruct" ]; + home = "${cfg.configDir}/ollama"; + }; - services.llama-cpp = { - enable = true; - port = 8127; - host = "0.0.0.0"; - openFirewall = true; - model = "/media/nas/main/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf"; - package = pkgs.stable.llama-cpp-rocm; - extraFlags = [ - "--n_gpu-layers" - "500" - "-c" - "0" - "--numa" - "numactl" - "--jinja" - ]; - }; + llama-cpp = { + enable = true; + port = 8127; + host = "0.0.0.0"; + openFirewall = cfg.openFirewall; + model = "${cfg.configDir}/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf"; + package = pkgs.stable.llama-cpp-rocm; + extraFlags = [ + "--n_gpu-layers" + "500" + "-c" + "0" + "--numa" + "numactl" + "--jinja" + ]; + }; - services.open-webui = { - enable = true; - package = pkgs.stable.open-webui; - host = "0.0.0.0"; - port = 8888; - openFirewall = true; - # stateDir = "/media/nas/main/nix-app-data/open-webui"; - environmentFile = config.sops.secrets."jallen-nas/open-webui".path; - environment = { - OPENID_PROVIDER_URL = 
"https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration"; - OAUTH_PROVIDER_NAME = "authentik"; - OPENID_REDIRECT_URI = "https://chat.mjallen.dev/oauth/oidc/callback"; - ENABLE_OAUTH_SIGNUP = "False"; - OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "True"; - ENABLE_SIGNUP = "False"; - ENABLE_LOGIN_FORM = "False"; - ANONYMIZED_TELEMETRY = "False"; - DO_NOT_TRACK = "True"; - SCARF_NO_ANALYTICS = "True"; - OLLAMA_API_BASE_URL = "http://127.0.0.1:11434"; - LOCAL_FILES_ONLY = "False"; - WEBUI_AUTH = "False"; + open-webui = { + enable = true; + package = pkgs.stable.open-webui; + host = "0.0.0.0"; + port = 8888; + openFirewall = cfg.openFirewall; + # stateDir = "/media/nas/main/nix-app-data/open-webui"; + environmentFile = config.sops.secrets."jallen-nas/open-webui".path; + environment = { + OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration"; + OAUTH_PROVIDER_NAME = "authentik"; + OPENID_REDIRECT_URI = "https://chat.mjallen.dev/oauth/oidc/callback"; + ENABLE_OAUTH_SIGNUP = "False"; + OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "True"; + ENABLE_SIGNUP = "False"; + ENABLE_LOGIN_FORM = "False"; + ANONYMIZED_TELEMETRY = "False"; + DO_NOT_TRACK = "True"; + SCARF_NO_ANALYTICS = "True"; + OLLAMA_API_BASE_URL = "http://127.0.0.1:11434"; + LOCAL_FILES_ONLY = "False"; + WEBUI_AUTH = "False"; + }; + }; }; }; }; +in +{ + imports = [ aiConfig ]; } diff --git a/modules/nixos/services/ai/options.nix b/modules/nixos/services/ai/options.nix deleted file mode 100644 index cc0dbb8..0000000 --- a/modules/nixos/services/ai/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.ai = { - enable = mkEnableOption "enable ai"; - }; -} diff --git a/modules/nixos/services/arrs/default.nix b/modules/nixos/services/arrs/default.nix index d38870e..d7db916 100644 --- a/modules/nixos/services/arrs/default.nix +++ b/modules/nixos/services/arrs/default.nix 
@@ -6,57 +6,63 @@ }: with lib; let - cfg = config.${namespace}.services.arrs; -in -{ - imports = [ ./options.nix ]; + name = "arrs"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - # Enable radarr service - services.radarr = { - enable = cfg.radarr.enable; - openFirewall = true; - user = "nix-apps"; - group = "jallen-nas"; - dataDir = cfg.radarr.dataDir; - }; - - # Enable Sonarr service - services.sonarr = { - enable = cfg.sonarr.enable; - openFirewall = true; - user = "nix-apps"; - group = "jallen-nas"; - dataDir = cfg.sonarr.dataDir; - }; - - # Enable Sabnzbd service - services.sabnzbd = { - enable = cfg.sabnzbd.enable; - # openFirewall = true; - user = "nix-apps"; - group = "jallen-nas"; - configFile = "${cfg.sabnzbd.dataDir}/sabnzbd.ini"; - }; - - services.deluge = { - enable = cfg.deluge.enable; - user = "nix-apps"; - group = "jallen-nas"; - openFirewall = true; - dataDir = "/media/nas/main"; - web = { + arrsConfig = lib.${namespace}.mkModule { + inherit config name; + description = "*arr Services"; + options = { }; + moduleConfig = { + # Enable radarr service + services.radarr = { enable = true; - port = cfg.deluge.port; - openFirewall = true; + openFirewall = cfg.openFirewall; + user = "nix-apps"; + group = "jallen-nas"; + dataDir = "${cfg.configDir}/radarr"; + }; + + # Enable Sonarr service + services.sonarr = { + enable = true; + openFirewall = cfg.openFirewall; + user = "nix-apps"; + group = "jallen-nas"; + dataDir = "${cfg.configDir}/sonarr"; + }; + + # Enable Sabnzbd service + services.sabnzbd = { + enable = true; + # openFirewall = cfg.openFirewall; + user = "nix-apps"; + group = "jallen-nas"; + configFile = "${cfg.configDir}/sabnzbd/sabnzbd.ini"; + }; + + services.deluge = { + enable = false; + user = "nix-apps"; + group = "jallen-nas"; + openFirewall = cfg.openFirewall; + dataDir = cfg.dataDir; + web = { + enable = true; + port = 8112; + openFirewall = cfg.openFirewall; + }; + }; + + services.jackett = { + enable = false; 
+ user = "nix-apps"; + group = "jallen-nas"; + openFirewall = cfg.openFirewall; }; }; - - services.jackett = { - enable = cfg.jackett.enable; - user = "nix-apps"; - group = "jallen-nas"; - openFirewall = true; - }; }; +in +{ + imports = [ arrsConfig ]; } diff --git a/modules/nixos/services/arrs/default.nix.container b/modules/nixos/services/arrs/default.nix.container deleted file mode 100755 index b0bec24..0000000 --- a/modules/nixos/services/arrs/default.nix.container +++ /dev/null 
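Review bot: `services.deluge.enable = false` and `services.jackett.enable = false` are now hard-coded, and radarr/sonarr/sabnzbd are unconditionally `enable = true`, because the per-service `enable` options from the deleted `arrs/options.nix` were not carried over; mkModule takes an `options` attrset (`} // options` in the lib hunk), so they belong there, e.g. `options = { deluge.enable = mkBoolOpt false "enable deluge"; jackett.enable = mkBoolOpt false "enable jackett"; };` with `enable = cfg.deluge.enable;` in the service blocks. Note also that deluge's `dataDir = cfg.dataDir` now resolves to the `/media/nas/main` default, i.e. the NAS root rather than a deluge-specific directory, while radarr and sonarr build their `dataDir` from `configDir`, so the lib's `dataDir` option means different things in the same module. The file header and the closing of the `let` are outside the hunk.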
@@ -1,261 +0,0 @@ -{ - config, - pkgs, - lib, - namespace, - ... -}: -with lib; -let - cfg = config.${namespace}.services.arrs; - radarrDataDir = "/var/lib/radarr"; - downloadDir = "/downloads"; - incompleteDir = "/downloads-incomplete"; - sonarrDataDir = "/var/lib/sonarr"; - sabnzbdConfig = "/var/lib/sabnzbd"; - jackettDir = "/var/lib/jackett/.config/Jackett"; - mediaDir = "/media"; - arrUserId = config.users.users.nix-apps.uid; - arrGroupId = config.users.groups.jallen-nas.gid; - radarrPkg = pkgs.radarr; - sonarrPkg = pkgs.sonarr; - delugePkg = pkgs.deluge; - jackettPkg = pkgs.jackett; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - containers.arrs = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.0.1.3"; - localAddress = cfg.localAddress; - - config = - { - pkgs, - lib, - ... - }: - { - nixpkgs.config = { - allowUnfree = lib.mkForce true; - allowUnfreePredicate = - pkg: - builtins.elem (lib.getName pkg) [ - "unrar" - ]; - }; - - # Enable radarr service - services.radarr = { - enable = cfg.radarr.enable; - openFirewall = true; - user = "arrs"; - group = "media"; - dataDir = radarrDataDir; - package = radarrPkg; - }; - - # Enable Sonarr service - services.sonarr = { - enable = cfg.sonarr.enable; - openFirewall = true; - user = "arrs"; - group = "media"; - dataDir = sonarrDataDir; - package = sonarrPkg; - }; - - # Enable Sabnzbd service - services.sabnzbd = { - enable = cfg.sabnzbd.enable; - openFirewall = true; - user = "arrs"; - group = "media"; - configFile = "${sabnzbdConfig}/sabnzbd.ini"; - package = pkgs.sabnzbd; - }; - - services.deluge = { - enable = cfg.deluge.enable; - user = "arrs"; - group = "media"; - openFirewall = true; - dataDir = "/media"; - package = delugePkg; - web = { - enable = true; - port = cfg.deluge.port; - openFirewall = true; - }; - }; - - services.jackett = { - enable = cfg.jackett.enable; - user = "arrs"; - group = "media"; - openFirewall = true; - package = jackettPkg; - }; - - # Create 
required users and groups - users.users.arrs = { - isSystemUser = true; - uid = lib.mkForce arrUserId; - group = "media"; - extraGroups = [ "downloads" ]; - }; - - users.groups = { - media = { - gid = lib.mkForce arrGroupId; - }; - downloads = { }; - }; - - # System packages - environment.systemPackages = with pkgs; [ - glib - sqlite - mono - mediainfo - protonvpn-cli_2 - ]; - - # Create and set permissions for required directories - system.activationScripts.arr-dirs = '' - mkdir -p ${radarrDataDir} - mkdir -p ${sonarrDataDir} - mkdir -p ${sabnzbdConfig} - mkdir -p ${downloadDir} - mkdir -p ${incompleteDir} - mkdir -p ${mediaDir} - - chown -R arrs:media ${radarrDataDir} - chown -R arrs:media ${sonarrDataDir} - chown -R arrs:media ${sabnzbdConfig} - chown -R arrs:media ${downloadDir} - chown -R arrs:media ${incompleteDir} - chown -R arrs:media ${mediaDir} - - chmod -R 775 ${radarrDataDir} - chmod -R 775 ${sonarrDataDir} - chmod -R 775 ${sabnzbdConfig} - chmod -R 775 ${downloadDir} - chmod -R 775 ${incompleteDir} - chmod -R 775 ${mediaDir} - - ''; - - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ - cfg.radarr.port - cfg.sonarr.port - cfg.sabnzbd.port - 8080 - ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; - - # Bind mount directories from host - bindMounts = { - "/etc/resolv.conf" = { - hostPath = "/etc/resolv.conf"; - isReadOnly = true; - }; - "${radarrDataDir}" = { - hostPath = cfg.radarr.dataDir; - isReadOnly = false; - }; - "${sonarrDataDir}" = { - hostPath = cfg.sonarr.dataDir; - isReadOnly = false; - }; - "${sabnzbdConfig}" = { - hostPath = cfg.sabnzbd.dataDir; - isReadOnly = false; - }; - "${downloadDir}" = { - hostPath = cfg.downloadsDir; - isReadOnly = false; - }; - "${incompleteDir}" = { - hostPath = cfg.incompleteDownloadsDir; - isReadOnly 
= false; - }; - "${jackettDir}" = { - hostPath = cfg.jackett.dataDir; - isReadOnly = false; - }; - "/media/movies" = { - hostPath = cfg.moviesDir; - isReadOnly = false; - }; - "/media/tv" = { - hostPath = cfg.tvDir; - isReadOnly = false; - }; - "/media/isos" = { - hostPath = cfg.isosDir; - isReadOnly = false; - }; - }; - }; - - networking = { - nat = { - forwardPorts = [ - { - destination = "${cfg.localAddress}:${toString cfg.radarr.port}"; - sourcePort = cfg.radarr.port; - } - { - destination = "${cfg.localAddress}:${toString cfg.sonarr.port}"; - sourcePort = cfg.sonarr.port; - } - { - destination = "${cfg.localAddress}:8080"; - sourcePort = cfg.sabnzbd.port; - } - { - destination = "${cfg.localAddress}:${toString cfg.deluge.port}"; - sourcePort = cfg.deluge.port; - } - { - destination = "${cfg.localAddress}:${toString cfg.jackett.port}"; - sourcePort = cfg.jackett.port; - } - ]; - }; - firewall = { - allowedTCPPorts = [ - cfg.radarr.port - cfg.sonarr.port - cfg.sabnzbd.port - 8080 - cfg.deluge.port - cfg.jackett.port - ]; - allowedUDPPorts = [ - cfg.radarr.port - cfg.sonarr.port - cfg.sabnzbd.port - 8080 - cfg.deluge.port - cfg.jackett.port - ]; - }; - }; - }; -} diff --git a/modules/nixos/services/arrs/options.nix b/modules/nixos/services/arrs/options.nix deleted file mode 100644 index ae61166..0000000 --- a/modules/nixos/services/arrs/options.nix +++ /dev/null 
@@ -1,112 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.arrs = { - enable = mkEnableOption "arrs services"; - - radarr = { - enable = mkOption { - type = types.bool; - default = false; - }; - port = mkOption { - type = types.int; - default = 7878; - }; - dataDir = mkOption { - type = types.str; - default = ""; - }; - }; - - sonarr = { - enable = mkOption { - type = types.bool; - default = false; - }; - port = mkOption { - type = types.int; - default = 8989; - }; - dataDir = mkOption { - type = types.str; - default = ""; - }; - }; - - sabnzbd = { - enable = mkOption { - type = types.bool; - default = false; - }; - port = mkOption { - type = types.int; - default = 8280; - }; - dataDir = mkOption { - type = types.str; - default = ""; - }; - }; - - deluge = { - enable = mkOption { - type = types.bool; - default = false; - }; - port = mkOption { - type = types.int; - default = 8112; - }; - dataDir = mkOption { - type = types.str; - default = ""; - }; - }; - - jackett = { - enable = mkOption { - type = types.bool; - default = false; - }; - port = mkOption { - type = types.int; - default = 9117; - }; - dataDir = mkOption { - type = types.str; - default = ""; - }; - }; - - localAddress = mkOption { - type = types.str; - default = "127.0.0.1"; - }; - - downloadsDir = mkOption { - type = types.str; - default = ""; - }; - - incompleteDownloadsDir = mkOption { - type = types.str; - default = ""; - }; - - moviesDir = mkOption { - type = types.str; - default = ""; - }; - - tvDir = mkOption { - type = types.str; - default = ""; - }; - - isosDir = mkOption { - type = types.str; - default = ""; - }; - }; -} diff --git a/modules/nixos/services/attic/default.nix b/modules/nixos/services/attic/default.nix index acdffb1..1553a6a 100644 --- a/modules/nixos/services/attic/default.nix +++ b/modules/nixos/services/attic/default.nix 
@@ -7,152 +7,152 @@ }: with lib; let - cfg = config.${namespace}.services.attic; -in -{ - imports = [ ./options.nix ]; + name = "attic"; + cfg = config.${namespace}.services.${name}; - config = mkIf cfg.enable { - services.atticd = { - enable = true; - environmentFile = cfg.environmentFile; - settings = { - listen = "${cfg.listenAddress}:${toString cfg.port}"; - }; - }; - - # Open firewall for attic if enabled - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.port ]; - allowedUDPPorts = [ cfg.port ]; - }; - - # Include the attic watch-store service and rebuild cache services - systemd.services = { - attic-watch-store = { + atticConfig = lib.${namespace}.mkModule { + inherit config name; + description = "attic Service"; + options = { }; + moduleConfig = { + services.atticd = { enable = true; - description = "watch store for cache"; - serviceConfig = { - Type = "simple"; - User = "admin"; - Group = "jallen-nas"; - WorkingDirectory = "/etc/nixos"; - StandardOutput = "journal+console"; - StandardError = "journal+console"; - Restart = "always"; - RestartSec = "5"; - }; - path = with pkgs; [ - bash - attic-client - ]; - script = '' - #!/usr/bin/env bash - attic watch-store nas-cache - ''; - }; - - nix-rebuild-cache = { - enable = true; - description = "Rebuild NixOS configurations for cache"; - serviceConfig = { - Type = "oneshot"; - User = "admin"; - Group = "jallen-nas"; - WorkingDirectory = "/etc/nixos"; - StandardOutput = "journal+console"; - StandardError = "journal+console"; - Restart = "no"; - TimeoutStartSec = "2h"; - }; - path = with pkgs; [ - nix - git - coreutils - gnugrep - gnused - openssh - ]; - script = '' - #!/usr/bin/env bash - if [ -d .git ]; then - git pull || echo "Warning: Could not pull latest changes" - git stash - git pull || echo "Warning: Could not pull latest changes after stash" - return 1 - fi - echo "Updating flake at $(date)" - if nix flake update; then - echo "flake updated successfully at $(date)" - else - echo 
"failed to update flake $(date)" - fi - - if nix flake check; then - echo "flake checked successfully at $(date)" - else - echo "flake check failed at $(date)" - git reset --hard - fi - - if nh os build --hostname=jallen-nas --out-link=result-nas; then - echo "nas built successfully at $(date)" - fi; - - if nh os build --hostname=nuc-nixos --out-link=result-nuc; then - echo "nuc built successfully at $(date)" - fi; - - if nh os build --hostname=matt-nixos --out-link=result-desktop; then - echo "desktop built successfully at $(date)" - fi; - - if nh os build --hostname=steamdeck --out-link=result-steamdeck; then - echo "steamdeck built successfully at $(date)" - fi; - - if nh os build --hostname=pi4 --out-link=result-pi4; then - echo "pi4 built successfully at $(date)" - fi; - - if nh os build --hostname=pi5 --out-link=result-pi5; then - echo "pi5 built successfully at $(date)" - fi; - ''; - }; - }; - - # Include timers for cache rebuilds - systemd.timers = { - nix-rebuild-cache = { - description = "Timer for rebuilding NixOS configurations cache"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "weekly"; - Persistent = true; - RandomizedDelaySec = "24h"; + environmentFile = cfg.environmentFile; + settings = { + listen = "${cfg.listenAddress}:${toString cfg.port}"; }; }; - }; - # Configure distributed builds - nix = { - settings.builders-use-substitutes = true; - distributedBuilds = true; - buildMachines = [ - { - hostName = "pi5.local"; - system = "aarch64-linux"; - maxJobs = 4; - sshUser = "matt"; - supportedFeatures = [ - "nixos-test" - "benchmark" - "big-parallel" - "kvm" + # Include the attic watch-store service and rebuild cache services + systemd.services = { + attic-watch-store = { + enable = true; + description = "watch store for cache"; + serviceConfig = { + Type = "simple"; + User = "admin"; + Group = "jallen-nas"; + WorkingDirectory = "/etc/nixos"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + Restart = 
"always"; + RestartSec = "5"; + }; + path = with pkgs; [ + bash + attic-client ]; - } - ]; + script = '' + #!/usr/bin/env bash + attic watch-store nas-cache + ''; + }; + + nix-rebuild-cache = { + enable = true; + description = "Rebuild NixOS configurations for cache"; + serviceConfig = { + Type = "oneshot"; + User = "admin"; + Group = "jallen-nas"; + WorkingDirectory = "/etc/nixos"; + StandardOutput = "journal+console"; + StandardError = "journal+console"; + Restart = "no"; + TimeoutStartSec = "2h"; + }; + path = with pkgs; [ + nix + git + coreutils + gnugrep + gnused + openssh + ]; + script = '' + #!/usr/bin/env bash + if [ -d .git ]; then + git pull || echo "Warning: Could not pull latest changes" + git stash + git pull || echo "Warning: Could not pull latest changes after stash" + return 1 + fi + echo "Updating flake at $(date)" + if nix flake update; then + echo "flake updated successfully at $(date)" + else + echo "failed to update flake $(date)" + fi + + if nix flake check; then + echo "flake checked successfully at $(date)" + else + echo "flake check failed at $(date)" + git reset --hard + fi + + if nh os build --hostname=jallen-nas --out-link=result-nas; then + echo "nas built successfully at $(date)" + fi; + + if nh os build --hostname=nuc-nixos --out-link=result-nuc; then + echo "nuc built successfully at $(date)" + fi; + + if nh os build --hostname=matt-nixos --out-link=result-desktop; then + echo "desktop built successfully at $(date)" + fi; + + if nh os build --hostname=steamdeck --out-link=result-steamdeck; then + echo "steamdeck built successfully at $(date)" + fi; + + if nh os build --hostname=pi4 --out-link=result-pi4; then + echo "pi4 built successfully at $(date)" + fi; + + if nh os build --hostname=pi5 --out-link=result-pi5; then + echo "pi5 built successfully at $(date)" + fi; + ''; + }; + }; + + # Include timers for cache rebuilds + systemd.timers = { + nix-rebuild-cache = { + description = "Timer for rebuilding NixOS configurations cache"; + 
wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + RandomizedDelaySec = "24h"; + }; + }; + }; + + # Configure distributed builds + nix = { + settings.builders-use-substitutes = true; + distributedBuilds = true; + buildMachines = [ + { + hostName = "pi5.local"; + system = "aarch64-linux"; + maxJobs = 4; + sshUser = "matt"; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + ]; + } + ]; + }; }; }; +in +{ + imports = [ atticConfig ]; } diff --git a/modules/nixos/services/attic/options.nix b/modules/nixos/services/attic/options.nix deleted file mode 100644 index 086c275..0000000 --- a/modules/nixos/services/attic/options.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, namespace, ... }: -with lib; -{ - options.${namespace}.services.attic = { - enable = mkEnableOption "attic binary cache daemon"; - - port = mkOption { - type = types.port; - default = 9012; - description = "Port for attic cache daemon"; - }; - - openFirewall = mkOption { - type = types.bool; - default = true; - description = "Whether to open firewall for attic"; - }; - - environmentFile = mkOption { - type = types.nullOr types.path; - default = null; - description = "Path to environment file containing attic secrets"; - }; - - listenAddress = mkOption { - type = types.str; - default = "[::1]"; - description = "Address to listen on"; - }; - }; -}
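Review bot: Moving attic onto the shared mkModule defaults silently changes its exposure: the deleted `attic/options.nix` had `port = 9012` and `listenAddress = "[::1]"`, whereas the lib defaults are `port = 80` and `listenAddress = "0.0.0.0"`, so `listen = "${cfg.listenAddress}:${toString cfg.port}"` now binds atticd to every interface on port 80 and the lib's `networking.firewall` block opens that port by default. Pass the old values through the `options` attrset, which overrides the lib defaults via `// options`, e.g. `options = { port = mkOpt types.port 9012 "Port for attic cache daemon"; listenAddress = mkOpt types.str "[::1]" "Address to listen on"; };`. Likewise `environmentFile` went from `types.nullOr types.path` / `null` to `types.str` / `""`, so `services.atticd.environmentFile = cfg.environmentFile` now receives an empty string unless the host sets it. The carried-over `nix-rebuild-cache` script still uses `return 1` outside a function, which bash rejects in a script; `exit 1` is what is meant.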