jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat: moved ollama, tailscale, and sync into folders following the new storage pattern

Browse source
This commit is contained in:
Leyla Becker 2025-11-08 18:28:34 -06:00
parent b67be1472a
commit d283f88160
11 changed files with 215 additions and 117 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/nixos-modules/ollama/default.nix Normal file
View file

@ -0,0 +1,6 @@
{...}: {
imports = [
./ollama.nix
./storage.nix
];
}

14
modules/nixos-modules/ollama.nix → modules/nixos-modules/ollama/ollama.nix
View file

@ -27,20 +27,6 @@
allowedUDPPorts = ports;
};
}))
(lib.mkIf config.host.impermanence.enable {
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = "/var/lib/private/ollama";
user = config.services.ollama.user;
group = config.services.ollama.group;
mode = "0700";
}
];
};
})
]
);
}

49
modules/nixos-modules/ollama/storage.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
lib,
...
}: {
options = {
services.ollama.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.ollama.enable && config.storage.impermanence.enable;
};
};
config = lib.mkIf config.services.ollama.enable (
lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
# Ollama needs persistent storage for models and configuration
}
(lib.mkIf (!config.services.ollama.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.ollama.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."/var/lib/private/ollama" = {
enable = true;
owner.name = config.services.ollama.user;
group.name = config.services.ollama.group;
owner.permissions = {
read = true;
write = true;
execute = false;
};
group.permissions = {
read = false;
write = false;
execute = false;
};
other.permissions = {
read = false;
write = false;
execute = false;
};
};
};
})
]))
]
);
}

69
modules/nixos-modules/sync.nix
View file

@ -1,69 +0,0 @@
{
config,
lib,
syncthingConfiguration,
...
}: let
mountDir = "/mnt/sync";
configDir = "/etc/syncthing";
in {
config = lib.mkMerge [
{
systemd = lib.mkIf config.services.syncthing.enable {
tmpfiles.rules = [
"A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-"
"d ${mountDir} 2755 syncthing syncthing -"
"d ${config.services.syncthing.dataDir} 775 syncthing syncthing -"
"d ${config.services.syncthing.configDir} 755 syncthing syncthing -"
];
};
}
(lib.mkIf config.services.syncthing.enable (lib.mkMerge [
{
services.syncthing = {
user = "syncthing";
group = "syncthing";
dataDir = "${mountDir}/default";
configDir = configDir;
overrideDevices = true;
overrideFolders = true;
configuration = syncthingConfiguration;
deviceName = config.networking.hostName;
};
}
(lib.mkIf config.host.impermanence.enable {
assertions =
[
{
assertion = config.services.syncthing.configDir == configDir;
message = "syncthing config dir does not match persistence";
}
]
++ lib.attrsets.mapAttrsToList (_: folder: {
assertion = lib.strings.hasPrefix mountDir folder.path;
message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}";
})
config.services.syncthing.settings.folders;
environment.persistence = {
"/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = mountDir;
user = "syncthing";
group = "syncthing";
}
{
directory = configDir;
user = "syncthing";
group = "syncthing";
}
];
};
};
})
]))
];
}

6
modules/nixos-modules/sync/default.nix Normal file
View file

@ -0,0 +1,6 @@
{...}: {
imports = [
./sync.nix
./storage.nix
];
}

57
modules/nixos-modules/sync/storage.nix Normal file
View file

@ -0,0 +1,57 @@
{
config,
lib,
...
}: let
mountDir = "/mnt/sync";
configDir = "/etc/syncthing";
in {
options = {
services.syncthing.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.syncthing.enable && config.storage.impermanence.enable;
};
};
config = lib.mkIf config.services.syncthing.enable (
lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
# Syncthing needs persistent storage for configuration and data
}
(lib.mkIf (!config.services.syncthing.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.syncthing.impermanence.enable {
assertions =
[
{
assertion = config.services.syncthing.configDir == configDir;
message = "syncthing config dir does not match persistence";
}
]
++ lib.attrsets.mapAttrsToList (_: folder: {
assertion = lib.strings.hasPrefix mountDir folder.path;
message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}";
})
config.services.syncthing.settings.folders;
storage.impermanence.datasets."persist/system/root" = {
directories = {
"${mountDir}" = {
enable = true;
owner.name = "syncthing";
group.name = "syncthing";
};
"${configDir}" = {
enable = true;
owner.name = "syncthing";
group.name = "syncthing";
};
};
};
})
]))
]
);
}

36
modules/nixos-modules/sync/sync.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
syncthingConfiguration,
...
}: let
mountDir = "/mnt/sync";
configDir = "/etc/syncthing";
in {
config = lib.mkMerge [
{
systemd = lib.mkIf config.services.syncthing.enable {
tmpfiles.rules = [
"A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-"
"d ${mountDir} 2755 syncthing syncthing -"
"d ${config.services.syncthing.dataDir} 775 syncthing syncthing -"
"d ${config.services.syncthing.configDir} 755 syncthing syncthing -"
];
};
}
(lib.mkIf config.services.syncthing.enable (lib.mkMerge [
{
services.syncthing = {
user = "syncthing";
group = "syncthing";
dataDir = "${mountDir}/default";
configDir = configDir;
overrideDevices = true;
overrideFolders = true;
configuration = syncthingConfiguration;
deviceName = config.networking.hostName;
};
}
]))
];
}

34
modules/nixos-modules/tailscale.nix
View file

@ -1,34 +0,0 @@
{
config,
lib,
...
}: let
tailscale_data_directory = "/var/lib/tailscale";
in {
options.host.tailscale = {
enable = lib.mkEnableOption "should tailscale be enabled on this computer";
};
config = lib.mkIf config.services.tailscale.enable (
lib.mkMerge [
{
# any configs we want shared between all machines
}
(lib.mkIf config.host.impermanence.enable {
environment.persistence = {
"/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = tailscale_data_directory;
user = "root";
group = "root";
}
];
};
};
})
]
);
}

6
modules/nixos-modules/tailscale/default.nix Normal file
View file

@ -0,0 +1,6 @@
{...}: {
imports = [
./tailscale.nix
./storage.nix
];
}

36
modules/nixos-modules/tailscale/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}: let
tailscale_data_directory = "/var/lib/tailscale";
in {
options = {
services.tailscale.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.tailscale.enable && config.storage.impermanence.enable;
};
};
config = lib.mkIf config.services.tailscale.enable (
lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
# Tailscale needs persistent storage for keys and configuration
}
(lib.mkIf (!config.services.tailscale.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.tailscale.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${tailscale_data_directory}" = {
enable = true;
owner.name = "root";
group.name = "root";
};
};
})
]))
]
);
}

19
modules/nixos-modules/tailscale/tailscale.nix Normal file
View file

@ -0,0 +1,19 @@
{
config,
lib,
...
}: {
options = {
host.tailscale = {
enable = lib.mkEnableOption "should tailscale be enabled on this computer";
};
};
config = lib.mkIf config.services.tailscale.enable (
lib.mkMerge [
{
# any configs we want shared between all machines
}
]
);
}