diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix index 65bbe26..6ab0fc8 100644 --- a/modules/nixos-modules/ollama/storage.nix +++ b/modules/nixos-modules/ollama/storage.nix @@ -10,40 +10,28 @@ }; }; - config = lib.mkIf config.services.ollama.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Ollama needs persistent storage for models and configuration - } - (lib.mkIf (!config.services.ollama.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.ollama.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/private/ollama" = { - enable = true; - owner.name = config.services.ollama.user; - group.name = config.services.ollama.group; - owner.permissions = { - read = true; - write = true; - execute = false; - }; - group.permissions = { - read = false; - write = false; - execute = false; - }; - other.permissions = { - read = false; - write = false; - execute = false; - }; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf (config.services.ollama.enable) { + storage.datasets.replicate."system/root" = { + directories."/var/lib/private/ollama" = lib.mkIf config.services.ollama.impermanence.enable { + enable = true; + owner.name = config.services.ollama.user; + group.name = config.services.ollama.group; + owner.permissions = { + read = true; + write = true; + execute = false; + }; + group.permissions = { + read = false; + write = false; + execute = false; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/server/actual/storage.nix b/modules/nixos-modules/server/actual/storage.nix index cec2eab..d6b904e 100644 --- a/modules/nixos-modules/server/actual/storage.nix +++ b/modules/nixos-modules/server/actual/storage.nix 
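Review bot: The `lib.mkIf config.storage.zfs.enable` wrapper is gone, so `storage.datasets.replicate."system/root"` is now defined whenever ollama is enabled, including on hosts without ZFS; the same guard is dropped in every other storage.nix hunk of this commit and in ssh.nix. Whether the `storage.datasets` module ignores these entries when ZFS is off is not visible here, so either confirm that or keep the guard, e.g. `config = lib.mkIf (config.services.ollama.enable && config.storage.zfs.enable) {`. Separately, the directory keeps `owner.permissions.execute = false`; if these flags map to mode bits, the owner cannot traverse `/var/lib/private/ollama`, which looks unintended for a model store. The parentheses in `lib.mkIf (config.services.ollama.enable)` are redundant and differ from the sibling modules.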
@@ -11,31 +11,12 @@ in { default = config.services.actual.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.actual.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.actual.settings.dataDir == dataDirectory; - message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; - } - { - assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; - message = "actual systemd service must have DynamicUser enabled to use private directory"; - } - ]; - } - (lib.mkIf (!config.services.actual.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.actual.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDirectory}" = { - owner.name = "actual"; - group.name = "actual"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.actual.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDirectory}" = lib.mkIf config.services.actual.impermanence.enable { + owner.name = "actual"; + group.name = "actual"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/bazarr/storage.nix b/modules/nixos-modules/server/bazarr/storage.nix index c8c7d1d..a243d4c 100644 --- a/modules/nixos-modules/server/bazarr/storage.nix +++ b/modules/nixos-modules/server/bazarr/storage.nix 
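Review bot: Both assertions are removed and nothing in the hunk replaces them: the check that `config.services.actual.settings.dataDir == dataDirectory` and the check that the unit runs with `DynamicUser`. Without them, a drift between the service's data path and the persisted path evaluates cleanly, and the state presumably ends up outside the persisted directory without any build-time signal. The same path assertions are dropped in the bazarr, crab-hole, fail2ban, forgejo, home-assistant, immich, jackett, jellyfin, lidarr, paperless, postgres, qbittorrent, radarr, sonarr and syncthing hunks (syncthing also loses the check that every folder path is under `mountDir`); for fail2ban this means the ban database could stop surviving reboots unnoticed. Unless they moved into a module outside this diff, keep them under the new layout, e.g. `assertions = lib.mkIf config.services.actual.impermanence.enable [ ... ];` next to the `storage.datasets` entry.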
@@ -10,27 +10,12 @@ in { default = config.services.bazarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.bazarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.bazarr.dataDir == bazarr_data_directory; - message = "bazarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.bazarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.bazarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${bazarr_data_directory}" = { - owner.name = "bazarr"; - group.name = "bazarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.bazarr.enable { + storage.datasets.replicate."system/root" = { + directories."${bazarr_data_directory}" = lib.mkIf config.services.bazarr.impermanence.enable { + owner.name = "bazarr"; + group.name = "bazarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/crab-hole/storage.nix b/modules/nixos-modules/server/crab-hole/storage.nix index caacdf8..827fb25 100644 --- a/modules/nixos-modules/server/crab-hole/storage.nix +++ b/modules/nixos-modules/server/crab-hole/storage.nix 
@@ -10,28 +10,12 @@ in { default = config.services.crab-hole.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = - config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); - message = "crab-hole working directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.crab-hole.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.crab-hole.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${workingDirectory}" = { - owner.name = "crab-hole"; - group.name = "crab-hole"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.crab-hole.enable { + storage.datasets.replicate."system/root" = { + directories."${workingDirectory}" = lib.mkIf config.services.crab-hole.impermanence.enable { + owner.name = "crab-hole"; + group.name = "crab-hole"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/fail2ban/storage.nix b/modules/nixos-modules/server/fail2ban/storage.nix index 02ad3f0..1ef02c7 100644 --- a/modules/nixos-modules/server/fail2ban/storage.nix +++ b/modules/nixos-modules/server/fail2ban/storage.nix 
@@ -11,27 +11,12 @@ in { default = config.services.fail2ban.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.fail2ban.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.fail2ban.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataFolder}" = { - owner.name = "fail2ban"; - group.name = "fail2ban"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.fail2ban.enable { + storage.datasets.replicate."system/root" = { + directories."${dataFolder}" = lib.mkIf config.services.fail2ban.impermanence.enable { + owner.name = "fail2ban"; + group.name = "fail2ban"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/flaresolverr/storage.nix b/modules/nixos-modules/server/flaresolverr/storage.nix index da52480..919318c 100644 --- a/modules/nixos-modules/server/flaresolverr/storage.nix +++ b/modules/nixos-modules/server/flaresolverr/storage.nix 
@@ -8,19 +8,12 @@ default = config.services.flaresolverr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.flaresolverr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - (lib.mkIf (!config.services.flaresolverr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.flaresolverr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/flaresolverr" = { - owner.name = "flaresolverr"; - group.name = "flaresolverr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.flaresolverr.enable { + storage.datasets.replicate."system/root" = { + directories."/var/lib/flaresolverr" = lib.mkIf config.services.flaresolverr.impermanence.enable { + owner.name = "flaresolverr"; + group.name = "flaresolverr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/forgejo/storage.nix b/modules/nixos-modules/server/forgejo/storage.nix index d7b54b9..da30ed9 100644 --- a/modules/nixos-modules/server/forgejo/storage.nix +++ b/modules/nixos-modules/server/forgejo/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.forgejo.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.forgejo.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.forgejo.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${stateDir}" = { - owner.name = "forgejo"; - group.name = "forgejo"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.forgejo.enable { + storage.datasets.replicate."system/root" = { + directories."${stateDir}" = lib.mkIf config.services.forgejo.impermanence.enable { + owner.name = "forgejo"; + group.name = "forgejo"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/home-assistant/storage.nix b/modules/nixos-modules/server/home-assistant/storage.nix index 00831c4..60e5085 100644 --- a/modules/nixos-modules/server/home-assistant/storage.nix +++ b/modules/nixos-modules/server/home-assistant/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.home-assistant.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.home-assistant.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.home-assistant.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${configDir}" = { - owner.name = "hass"; - group.name = "hass"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.home-assistant.enable { + storage.datasets.replicate."system/root" = { + directories."${configDir}" = lib.mkIf config.services.home-assistant.impermanence.enable { + owner.name = "hass"; + group.name = "hass"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/immich/storage.nix b/modules/nixos-modules/server/immich/storage.nix index cd9f935..de24329 100644 --- a/modules/nixos-modules/server/immich/storage.nix +++ b/modules/nixos-modules/server/immich/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.immich.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.immich.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.immich.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.immich.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${mediaLocation}" = { - owner.name = "immich"; - group.name = "immich"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.immich.enable { + storage.datasets.replicate."system/root" = { + directories."${mediaLocation}" = lib.mkIf config.services.immich.impermanence.enable { + owner.name = "immich"; + group.name = "immich"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/jackett/storage.nix b/modules/nixos-modules/server/jackett/storage.nix index eaa0bc9..5f202e6 100644 --- a/modules/nixos-modules/server/jackett/storage.nix +++ b/modules/nixos-modules/server/jackett/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.jackett.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.jackett.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.jackett.dataDir == jackett_data_directory; - message = "jackett data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.jackett.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.jackett.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${jackett_data_directory}" = { - owner.name = "jackett"; - group.name = "jackett"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.jackett.enable { + storage.datasets.replicate."system/root" = { + directories."${jackett_data_directory}" = lib.mkIf config.services.jackett.impermanence.enable { + owner.name = "jackett"; + group.name = "jackett"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/jellyfin/storage.nix b/modules/nixos-modules/server/jellyfin/storage.nix index 79d0605..98f7a8c 100644 --- a/modules/nixos-modules/server/jellyfin/storage.nix +++ b/modules/nixos-modules/server/jellyfin/storage.nix 
@@ -11,66 +11,47 @@ in { default = config.services.jellyfin.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.jellyfin.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.jellyfin.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.jellyfin.impermanence.enable { - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - directories = { - "${jellyfin_data_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin"; - }; - "${jellyfin_cache_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin"; - }; - }; + config = lib.mkIf config.services.jellyfin.enable { + storage.datasets.replicate = { + "system/root" = { + directories = { + "${jellyfin_data_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; }; - "persist/replicate/system/jellyfin" = { - atime = "off"; - relatime = "off"; - - directories."${config.services.jellyfin.media_directory}" = { - enable = true; - owner.name = "jellyfin"; - group.name = "jellyfin_media"; - owner.permissions = { - read = true; - write = true; - execute = true; - }; - group.permissions = { - read = true; - write = true; - execute = true; - }; - other.permissions = { - read = false; - write = false; - execute = false; - }; - }; + "${jellyfin_cache_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin"; }; }; - }) 
- ])) - ]); + }; + "system/jellyfin" = { + atime = "off"; + relatime = "off"; + + directories."${config.services.jellyfin.media_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable { + enable = true; + owner.name = "jellyfin"; + group.name = "jellyfin_media"; + owner.permissions = { + read = true; + write = true; + execute = true; + }; + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = false; + write = false; + execute = false; + }; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/server/lidarr/storage.nix b/modules/nixos-modules/server/lidarr/storage.nix index 57c568c..c4c020e 100644 --- a/modules/nixos-modules/server/lidarr/storage.nix +++ b/modules/nixos-modules/server/lidarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.lidarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.lidarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.lidarr.dataDir == lidarr_data_directory; - message = "lidarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.lidarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.lidarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${lidarr_data_directory}" = { - owner.name = "lidarr"; - group.name = "lidarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.lidarr.enable { + storage.datasets.replicate."system/root" = { + directories."${lidarr_data_directory}" = lib.mkIf config.services.lidarr.impermanence.enable { + owner.name = "lidarr"; + group.name = "lidarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/panoramax/storage.nix b/modules/nixos-modules/server/panoramax/storage.nix index 164c9bb..b36e087 100644 
--- a/modules/nixos-modules/server/panoramax/storage.nix +++ b/modules/nixos-modules/server/panoramax/storage.nix @@ -8,26 +8,12 @@ default = config.services.panoramax.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # TODO: configure impermanence for panoramax data - # This would typically include directories like: - # - /var/lib/panoramax - # - panoramax storage directories - # - any cache or temporary directories that need to persist - } - (lib.mkIf (!config.services.panoramax.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.panoramax.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."/var/lib/panoramax" = { - owner.name = "panoramax"; - group.name = "panoramax"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.panoramax.enable { + storage.datasets.replicate."system/root" = { + directories."/var/lib/panoramax" = lib.mkIf config.services.panoramax.impermanence.enable { + owner.name = "panoramax"; + group.name = "panoramax"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/paperless/storage.nix b/modules/nixos-modules/server/paperless/storage.nix index 381e45b..6e17bc2 100644 --- a/modules/nixos-modules/server/paperless/storage.nix +++ b/modules/nixos-modules/server/paperless/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.paperless.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.paperless.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.paperless.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "paperless"; - group.name = "paperless"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.paperless.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.paperless.impermanence.enable { + owner.name = "paperless"; + group.name = "paperless"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/postgres/storage.nix b/modules/nixos-modules/server/postgres/storage.nix index 068c93f..58a84a6 100644 --- a/modules/nixos-modules/server/postgres/storage.nix +++ b/modules/nixos-modules/server/postgres/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.postgresql.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.postgresql.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.postgresql.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.postgresql.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "postgres"; - group.name = "postgres"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.postgresql.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.postgresql.impermanence.enable { + owner.name = "postgres"; + group.name = "postgres"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/qbittorent/storage.nix b/modules/nixos-modules/server/qbittorent/storage.nix index 32244ca..8dabab8 100644 --- a/modules/nixos-modules/server/qbittorent/storage.nix +++ b/modules/nixos-modules/server/qbittorent/storage.nix 
@@ -10,53 +10,35 @@ in { default = config.services.qbittorrent.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.qbittorrent.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - ( - lib.mkIf config.services.qbittorrent.impermanence.enable - { - storage.impermanence.datasets = { - "persist/replicate/system/root" = { - directories."${qbittorent_profile_directory}" = { - owner.name = "qbittorrent"; - group.name = "qbittorrent"; - }; - }; - "persist/replicate/system/qbittorrent" = { - directories."${config.services.qbittorrent.mediaDir}" = { - owner.name = "qbittorrent"; - group.name = "qbittorrent"; - owner.permissions = { - read = true; - write = true; - execute = true; - }; - group.permissions = { - read = true; - write = true; - execute = true; - }; - other.permissions = { - read = true; - write = false; - execute = true; - }; - }; - }; + config = lib.mkIf config.services.qbittorrent.enable { + storage.datasets.replicate = { + "system/root" = { + directories."${qbittorent_profile_directory}" = lib.mkIf config.services.qbittorrent.impermanence.enable { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + }; + }; + "system/qbittorrent" = { + directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable { + owner.name = "qbittorrent"; + group.name = "qbittorrent"; + owner.permissions = { + read = true; + write = true; + execute = true; }; - } - ) - ])) - ]); + group.permissions = { + read = true; + write = true; + execute = true; + }; + other.permissions = { + read = true; + write = false; + execute = true; + }; + }; + }; + 
}; + }; } diff --git a/modules/nixos-modules/server/radarr/storage.nix b/modules/nixos-modules/server/radarr/storage.nix index a9b4901..8f991c0 100644 --- a/modules/nixos-modules/server/radarr/storage.nix +++ b/modules/nixos-modules/server/radarr/storage.nix @@ -10,27 +10,12 @@ in { default = config.services.radarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.radarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.radarr.dataDir == radarr_data_directory; - message = "radarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.radarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.radarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${radarr_data_directory}" = { - owner.name = "radarr"; - group.name = "radarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.radarr.enable { + storage.datasets.replicate."system/root" = { + directories."${radarr_data_directory}" = lib.mkIf config.services.radarr.impermanence.enable { + owner.name = "radarr"; + group.name = "radarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/reverseProxy/storage.nix b/modules/nixos-modules/server/reverseProxy/storage.nix index 29a3120..62b5451 100644 --- a/modules/nixos-modules/server/reverseProxy/storage.nix +++ b/modules/nixos-modules/server/reverseProxy/storage.nix 
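Review bot: The media directory under `"system/qbittorrent"` still grants `other.permissions` read and execute, so if these flags become mode bits, every local account can list and read the download tree. The jellyfin module in this same commit takes the stricter shape: a dedicated `jellyfin_media` group and all `other` flags false. The same would fit here, `other.permissions = { read = false; write = false; execute = false; };`, with the consumers added to a shared media group. If world-readable is intentional, a one-line comment saying which service relies on it would make that explicit.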
@@ -10,19 +10,12 @@ in { default = config.services.reverseProxy.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.reverseProxy.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - (lib.mkIf (!config.services.reverseProxy.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.reverseProxy.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${dataDir}" = { - owner.name = "acme"; - group.name = "acme"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.reverseProxy.enable { + storage.datasets.replicate."system/root" = { + directories."${dataDir}" = lib.mkIf config.services.reverseProxy.impermanence.enable { + owner.name = "acme"; + group.name = "acme"; + }; + }; + }; } diff --git a/modules/nixos-modules/server/sonarr/storage.nix b/modules/nixos-modules/server/sonarr/storage.nix index aebd0a9..8587751 100644 --- a/modules/nixos-modules/server/sonarr/storage.nix +++ b/modules/nixos-modules/server/sonarr/storage.nix 
@@ -10,27 +10,12 @@ in { default = config.services.sonarr.enable && config.storage.impermanence.enable; }; - config = lib.mkIf config.services.sonarr.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - assertions = [ - { - assertion = config.services.sonarr.dataDir == sonarr_data_directory; - message = "sonarr data directory does not match persistence"; - } - ]; - } - (lib.mkIf (!config.services.sonarr.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.sonarr.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${sonarr_data_directory}" = { - owner.name = "sonarr"; - group.name = "sonarr"; - }; - }; - }) - ])) - ]); + config = lib.mkIf config.services.sonarr.enable { + storage.datasets.replicate."system/root" = { + directories."${sonarr_data_directory}" = lib.mkIf config.services.sonarr.impermanence.enable { + owner.name = "sonarr"; + group.name = "sonarr"; + }; + }; + }; } diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix index dd70918..6fe8e5c 100644 --- a/modules/nixos-modules/ssh.nix +++ b/modules/nixos-modules/ssh.nix 
@@ -10,46 +10,35 @@ }; }; - config = lib.mkMerge [ - { - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; + config = { + services = { + openssh = { + enable = true; + ports = [22]; + settings = { + PasswordAuthentication = false; + UseDns = true; + X11Forwarding = false; }; }; - } - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # SSH host keys need to be persisted to maintain server identity - } - (lib.mkIf (!config.services.openssh.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.openssh.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - files = builtins.listToAttrs ( - lib.lists.flatten ( - builtins.map (hostKey: [ - { - name = hostKey.path; - value = {enable = true;}; - } - { - name = "${hostKey.path}.pub"; - value = {enable = true;}; - } - ]) - config.services.openssh.hostKeys - ) - ); - }; - }) - ])) - ]; + }; + + storage.datasets.replicate."system/root" = { + files = lib.mkIf config.services.openssh.impermanence.enable (builtins.listToAttrs ( + lib.lists.flatten ( + builtins.map (hostKey: [ + { + name = hostKey.path; + value = {enable = true;}; + } + { + name = "${hostKey.path}.pub"; + value = {enable = true;}; + } + ]) + config.services.openssh.hostKeys + ) + )); + }; + }; } diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix index 7532045..61bf855 100644 --- a/modules/nixos-modules/sync/storage.nix +++ b/modules/nixos-modules/sync/storage.nix 
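Review bot: The persisted host-key entries carry only `enable = true`, so the owner and mode of the private key files depend on defaults of the storage module that this hunk does not show; confirm they stay root-only after the move to `storage.datasets`. They are also placed under `replicate."system/root"`; if that dataset is replicated off-host, the private host keys travel with it, whereas users.nix in this commit keeps the sops age key under `storage.datasets.local`. The comment explaining the block was removed with the old layout and should be restored above `files = ...`, e.g. `# SSH host keys must persist across reboots to keep the server identity stable`.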
@@ -13,45 +13,20 @@ in { }; }; - config = lib.mkIf config.services.syncthing.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Syncthing needs persistent storage for configuration and data - } - (lib.mkIf (!config.services.syncthing.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.syncthing.impermanence.enable { - assertions = - [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ] - ++ lib.attrsets.mapAttrsToList (_: folder: { - assertion = lib.strings.hasPrefix mountDir folder.path; - message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; - }) - config.services.syncthing.settings.folders; - - storage.impermanence.datasets."persist/replicate/system/root" = { - directories = { - "${mountDir}" = { - enable = true; - owner.name = "syncthing"; - group.name = "syncthing"; - }; - "${configDir}" = { - enable = true; - owner.name = "syncthing"; - group.name = "syncthing"; - }; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf config.services.syncthing.enable { + storage.datasets.replicate."system/root" = { + directories = { + "${mountDir}" = lib.mkIf config.services.syncthing.impermanence.enable { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + "${configDir}" = lib.mkIf config.services.syncthing.impermanence.enable { + enable = true; + owner.name = "syncthing"; + group.name = "syncthing"; + }; + }; + }; + }; } diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix index a417aaf..7ac7e9a 100644 --- a/modules/nixos-modules/tailscale/storage.nix +++ b/modules/nixos-modules/tailscale/storage.nix 
@@ -12,25 +12,13 @@ in { }; }; - config = lib.mkIf config.services.tailscale.enable ( - lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # Tailscale needs persistent storage for keys and configuration - } - (lib.mkIf (!config.services.tailscale.impermanence.enable) { - # TODO: placeholder to configure a unique dataset for this service - }) - (lib.mkIf config.services.tailscale.impermanence.enable { - storage.impermanence.datasets."persist/replicate/system/root" = { - directories."${tailscale_data_directory}" = { - enable = true; - owner.name = "root"; - group.name = "root"; - }; - }; - }) - ])) - ] - ); + config = lib.mkIf config.services.tailscale.enable { + storage.datasets.replicate."system/root" = { + directories."${tailscale_data_directory}" = lib.mkIf config.services.tailscale.impermanence.enable { + enable = true; + owner.name = "root"; + group.name = "root"; + }; + }; + }; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index ab123b9..4018db5 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -402,7 +402,7 @@ in { (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ { # sops age key needs to be available to pre persist for user generation - storage.zfs.datasets."persist/local/system/sops" = { + storage.datasets.local."system/sops" = { type = "zfs_fs"; mount = { enable = true; @@ -413,9 +413,9 @@ in { }; } (lib.mkIf (!config.storage.impermanence.enable) { - storage.zfs.datasets = lib.mkMerge ( + storage.datasets.replicate = lib.mkMerge ( builtins.map (user: { - "persist/replicate/home/${user.name}" = { + "home/${user.name}" = { type = "zfs_fs"; mount = { enable = true; @@ -428,9 +428,9 @@ in { ); }) (lib.mkIf config.storage.impermanence.enable { - storage.zfs.datasets = lib.mkMerge ( + storage.datasets.ephemeral = lib.mkMerge ( builtins.map (user: { - "ephemeral/home/${user.name}" = { + "home/${user.name}" = { type = "zfs_fs"; mount = { enable = true;