From d283f881604027bb6f51d0ac8556a8cb7e394c37 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Sat, 8 Nov 2025 18:28:34 -0600
Subject: [PATCH] feat: moved ollama, tailscale, and sync into folders following the new storage pattern
---
 modules/nixos-modules/ollama/default.nix | 6 ++
 modules/nixos-modules/{ => ollama}/ollama.nix | 14 ----
 modules/nixos-modules/ollama/storage.nix | 49 +++++++++++++
 modules/nixos-modules/sync.nix | 69 -------------------
 modules/nixos-modules/sync/default.nix | 6 ++
 modules/nixos-modules/sync/storage.nix | 57 +++++++++++++++
 modules/nixos-modules/sync/sync.nix | 36 ++++++++++
 modules/nixos-modules/tailscale.nix | 34 ---------
 modules/nixos-modules/tailscale/default.nix | 6 ++
 modules/nixos-modules/tailscale/storage.nix | 36 ++++++++++
 modules/nixos-modules/tailscale/tailscale.nix | 19 +++++
 11 files changed, 215 insertions(+), 117 deletions(-)
 create mode 100644 modules/nixos-modules/ollama/default.nix
 rename modules/nixos-modules/{ => ollama}/ollama.nix (63%)
 create mode 100644 modules/nixos-modules/ollama/storage.nix
 delete mode 100644 modules/nixos-modules/sync.nix
 create mode 100644 modules/nixos-modules/sync/default.nix
 create mode 100644 modules/nixos-modules/sync/storage.nix
 create mode 100644 modules/nixos-modules/sync/sync.nix
 delete mode 100644 modules/nixos-modules/tailscale.nix
 create mode 100644 modules/nixos-modules/tailscale/default.nix
 create mode 100644 modules/nixos-modules/tailscale/storage.nix
 create mode 100644 modules/nixos-modules/tailscale/tailscale.nix
diff --git a/modules/nixos-modules/ollama/default.nix b/modules/nixos-modules/ollama/default.nix
new file mode 100644
index 0000000..896526a
--- /dev/null
+++ b/modules/nixos-modules/ollama/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./ollama.nix
+ ./storage.nix
+ ];
+}
diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama/ollama.nix
similarity index 63%
rename from modules/nixos-modules/ollama.nix
rename to modules/nixos-modules/ollama/ollama.nix
index 99819bf..dc7cdd9 100644
--- a/modules/nixos-modules/ollama.nix
+++ b/modules/nixos-modules/ollama/ollama.nix
@@ -27,20 +27,6 @@
 allowedUDPPorts = ports;
 };
 }))
- (lib.mkIf config.host.impermanence.enable {
- environment.persistence."/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = "/var/lib/private/ollama";
- user = config.services.ollama.user;
- group = config.services.ollama.group;
- mode = "0700";
- }
- ];
- };
- })
 ]
 );
 }
diff --git a/modules/nixos-modules/ollama/storage.nix b/modules/nixos-modules/ollama/storage.nix
new file mode 100644
index 0000000..ff2348e
--- /dev/null
+++ b/modules/nixos-modules/ollama/storage.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options = {
+ services.ollama.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.ollama.enable && config.storage.impermanence.enable;
+ };
+ };
+
+ config = lib.mkIf config.services.ollama.enable (
+ lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ # Ollama needs persistent storage for models and configuration
+ }
+ (lib.mkIf (!config.services.ollama.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.ollama.impermanence.enable {
+ storage.impermanence.datasets."persist/system/root" = {
+ directories."/var/lib/private/ollama" = {
+ enable = true;
+ owner.name = config.services.ollama.user;
+ group.name = config.services.ollama.group;
+ owner.permissions = {
+ read = true;
+ write = true;
+ execute = false;
+ };
+ group.permissions = {
+ read = false;
+ write = false;
+ execute = false;
+ };
+ other.permissions = {
+ read = false;
+ write = false;
+ execute = false;
+ };
+ };
+ };
+ })
+ ]))
+ ]
+ );
+}
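Review bot: The `owner.permissions` block for `/var/lib/private/ollama` in ollama/storage.nix sets `execute = false`, which, if these flags map to directory mode bits, yields 0600 instead of the `mode = "0700"` the removed `environment.persistence` entry carried — without the traverse bit the ollama user cannot enter or list its own model directory, so `execute = true;` for the owner looks intended. Separately, the persistence entry now sits under `lib.mkIf config.storage.zfs.enable`, a guard the old module did not have; if `storage.impermanence.enable` can be true on a host where `storage.zfs.enable` is false, the directory is silently left ephemeral, and the same applies to the entries in sync/storage.nix and tailscale/storage.nix (where the comment itself says the directory holds keys). If the new storage pattern is ZFS-only by design, an assertion or a one-line comment stating that would make the gating explicit rather than implicit.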
diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix
deleted file mode 100644
index 96f54d5..0000000
--- a/modules/nixos-modules/sync.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{
- config,
- lib,
- syncthingConfiguration,
- ...
-}: let
- mountDir = "/mnt/sync";
- configDir = "/etc/syncthing";
-in {
- config = lib.mkMerge [
- {
- systemd = lib.mkIf config.services.syncthing.enable {
- tmpfiles.rules = [
- "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-"
- "d ${mountDir} 2755 syncthing syncthing -"
- "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -"
- "d ${config.services.syncthing.configDir} 755 syncthing syncthing -"
- ];
- };
- }
- (lib.mkIf config.services.syncthing.enable (lib.mkMerge [
- {
- services.syncthing = {
- user = "syncthing";
- group = "syncthing";
- dataDir = "${mountDir}/default";
- configDir = configDir;
- overrideDevices = true;
- overrideFolders = true;
- configuration = syncthingConfiguration;
- deviceName = config.networking.hostName;
- };
- }
-
- (lib.mkIf config.host.impermanence.enable {
- assertions =
- [
- {
- assertion = config.services.syncthing.configDir == configDir;
- message = "syncthing config dir does not match persistence";
- }
- ]
- ++ lib.attrsets.mapAttrsToList (_: folder: {
- assertion = lib.strings.hasPrefix mountDir folder.path;
- message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}";
- })
- config.services.syncthing.settings.folders;
- environment.persistence = {
- "/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = mountDir;
- user = "syncthing";
- group = "syncthing";
- }
- {
- directory = configDir;
- user = "syncthing";
- group = "syncthing";
- }
- ];
- };
- };
- })
- ]))
- ];
-}
diff --git a/modules/nixos-modules/sync/default.nix b/modules/nixos-modules/sync/default.nix
new file mode 100644
index 0000000..5640417
--- /dev/null
+++ b/modules/nixos-modules/sync/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./sync.nix
+ ./storage.nix
+ ];
+}
diff --git a/modules/nixos-modules/sync/storage.nix b/modules/nixos-modules/sync/storage.nix
new file mode 100644
index 0000000..a58a49f
--- /dev/null
+++ b/modules/nixos-modules/sync/storage.nix
@@ -0,0 +1,57 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ mountDir = "/mnt/sync";
+ configDir = "/etc/syncthing";
+in {
+ options = {
+ services.syncthing.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.syncthing.enable && config.storage.impermanence.enable;
+ };
+ };
+
+ config = lib.mkIf config.services.syncthing.enable (
+ lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ # Syncthing needs persistent storage for configuration and data
+ }
+ (lib.mkIf (!config.services.syncthing.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.syncthing.impermanence.enable {
+ assertions =
+ [
+ {
+ assertion = config.services.syncthing.configDir == configDir;
+ message = "syncthing config dir does not match persistence";
+ }
+ ]
+ ++ lib.attrsets.mapAttrsToList (_: folder: {
+ assertion = lib.strings.hasPrefix mountDir folder.path;
+ message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}";
+ })
+ config.services.syncthing.settings.folders;
+
+ storage.impermanence.datasets."persist/system/root" = {
+ directories = {
+ "${mountDir}" = {
+ enable = true;
+ owner.name = "syncthing";
+ group.name = "syncthing";
+ };
+ "${configDir}" = {
+ enable = true;
+ owner.name = "syncthing";
+ group.name = "syncthing";
+ };
+ };
+ };
+ })
+ ]))
+ ]
+ );
+}
diff --git a/modules/nixos-modules/sync/sync.nix b/modules/nixos-modules/sync/sync.nix
new file mode 100644
index 0000000..28b6e38
--- /dev/null
+++ b/modules/nixos-modules/sync/sync.nix
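Review bot: `mountDir` and `configDir` are now declared twice with identical literals — in the `let` of sync/storage.nix and again in sync/sync.nix — and nothing ties the two copies together: the tmpfiles ACL and `dataDir` in sync.nix use one copy while the persisted directories and the `hasPrefix mountDir` assertion here use the other, so an edit to either file silently diverges from the other and the assertion would no longer be checking the path Syncthing actually writes to. Moving both constants into one place read by both files (a small shared `.nix` in the `sync/` folder, or an option set in sync.nix and read here) closes that gap. While the assertion message is being moved, `which not under the persisted path` reads as `which is not under the persisted path`.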
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ syncthingConfiguration,
+ ...
+}: let
+ mountDir = "/mnt/sync";
+ configDir = "/etc/syncthing";
+in {
+ config = lib.mkMerge [
+ {
+ systemd = lib.mkIf config.services.syncthing.enable {
+ tmpfiles.rules = [
+ "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-"
+ "d ${mountDir} 2755 syncthing syncthing -"
+ "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -"
+ "d ${config.services.syncthing.configDir} 755 syncthing syncthing -"
+ ];
+ };
+ }
+ (lib.mkIf config.services.syncthing.enable (lib.mkMerge [
+ {
+ services.syncthing = {
+ user = "syncthing";
+ group = "syncthing";
+ dataDir = "${mountDir}/default";
+ configDir = configDir;
+ overrideDevices = true;
+ overrideFolders = true;
+ configuration = syncthingConfiguration;
+ deviceName = config.networking.hostName;
+ };
+ }
+ ]))
+ ];
+}
diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix
deleted file mode 100644
index db664e8..0000000
--- a/modules/nixos-modules/tailscale.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- tailscale_data_directory = "/var/lib/tailscale";
-in {
- options.host.tailscale = {
- enable = lib.mkEnableOption "should tailscale be enabled on this computer";
- };
-
- config = lib.mkIf config.services.tailscale.enable (
- lib.mkMerge [
- {
- # any configs we want shared between all machines
- }
- (lib.mkIf config.host.impermanence.enable {
- environment.persistence = {
- "/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = tailscale_data_directory;
- user = "root";
- group = "root";
- }
- ];
- };
- };
- })
- ]
- );
-}
diff --git a/modules/nixos-modules/tailscale/default.nix b/modules/nixos-modules/tailscale/default.nix
new file mode 100644
index 0000000..7a283e8
--- /dev/null
+++ b/modules/nixos-modules/tailscale/default.nix
@@ -0,0 +1,6 @@
+{...}: {
+ imports = [
+ ./tailscale.nix
+ ./storage.nix
+ ];
+}
diff --git a/modules/nixos-modules/tailscale/storage.nix b/modules/nixos-modules/tailscale/storage.nix
new file mode 100644
index 0000000..9533aef
--- /dev/null
+++ b/modules/nixos-modules/tailscale/storage.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ tailscale_data_directory = "/var/lib/tailscale";
+in {
+ options = {
+ services.tailscale.impermanence.enable = lib.mkOption {
+ type = lib.types.bool;
+ default = config.services.tailscale.enable && config.storage.impermanence.enable;
+ };
+ };
+
+ config = lib.mkIf config.services.tailscale.enable (
+ lib.mkMerge [
+ (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+ {
+ # Tailscale needs persistent storage for keys and configuration
+ }
+ (lib.mkIf (!config.services.tailscale.impermanence.enable) {
+ # TODO: placeholder to configure a unique dataset for this service
+ })
+ (lib.mkIf config.services.tailscale.impermanence.enable {
+ storage.impermanence.datasets."persist/system/root" = {
+ directories."${tailscale_data_directory}" = {
+ enable = true;
+ owner.name = "root";
+ group.name = "root";
+ };
+ };
+ })
+ ]))
+ ]
+ );
+}
diff --git a/modules/nixos-modules/tailscale/tailscale.nix b/modules/nixos-modules/tailscale/tailscale.nix
new file mode 100644
index 0000000..06899b1
--- /dev/null
+++ b/modules/nixos-modules/tailscale/tailscale.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ options = {
+ host.tailscale = {
+ enable = lib.mkEnableOption "should tailscale be enabled on this computer";
+ };
+ };
+
+ config = lib.mkIf config.services.tailscale.enable (
+ lib.mkMerge [
+ {
+ # any configs we want shared between all machines
+ }
+ ]
+ );
+}
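Review bot: The `/var/lib/tailscale` entry in tailscale/storage.nix sets only `owner.name`/`group.name` and no `permissions` block, unlike the ollama entry in this same commit, so the persisted directory — which the comment two lines above says holds the node's keys — gets whatever default mode the `storage.impermanence` module applies, and that default is not visible in this diff. The removed `environment.persistence` entry had the same gap, so this is not a regression, but this rewrite is the natural place to close it. If the flags map to mode bits as the ollama entry suggests, an explicit `owner.permissions = { read = true; write = true; execute = true; };` with `group.permissions` and `other.permissions` all `false` would pin the state directory to root-only access instead of relying on an implicit default.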
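Review bot: `host.tailscale.enable` is declared in tailscale/tailscale.nix but nothing in the file reads it; the `config` block is gated on `config.services.tailscale.enable`, as is the new option default in tailscale/storage.nix, so setting `host.tailscale.enable = true` on its own enables nothing visible in this commit. The declaration is carried over verbatim from the deleted tailscale.nix, so this is pre-existing rather than introduced here. If the option is consumed elsewhere in the repo, a one-line comment naming that consumer would save the next reader the search; if it is not, either wire it up with a top-level `services.tailscale.enable = lib.mkDefault config.host.tailscale.enable;` outside the `lib.mkIf config.services.tailscale.enable` gate (to avoid the self-reference) or drop the option.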