jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

storage-refactor #9

Open
jan-leila wants to merge 40 commits from storage-refactor into main
pull from: storage-refactor
merge into: jan-leila:main
Conversation 0 Commits 40 Files changed 118 +718 -640
54 changed files with 718 additions and 640 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit b67be1472a - Show all commits

2
modules/nixos-modules/server/actual/default.nix
View file

@ -3,6 +3,6 @@
./actual.nix
./proxy.nix
./fail2ban.nix
./impermanence.nix
./storage.nix
];
}

37
modules/nixos-modules/server/actual/impermanence.nix
View file

@ -1,37 +0,0 @@
{
lib,
config,
...
}: let
const = import ./const.nix;
dataDirectory = const.dataDirectory;
in {
options.services.actual = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.actual.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.actual.impermanence.enable {
assertions = [
{
assertion = config.services.actual.settings.dataDir == dataDirectory;
message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}";
}
{
assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false;
message = "actual systemd service must have DynamicUser enabled to use private directory";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = dataDirectory;
user = "actual";
group = "actual";
}
];
};
};
}

41
modules/nixos-modules/server/actual/storage.nix Normal file
View file

@ -0,0 +1,41 @@
{
lib,
config,
...
}: let
const = import ./const.nix;
dataDirectory = const.dataDirectory;
in {
options.services.actual.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.actual.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.actual.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.actual.settings.dataDir == dataDirectory;
message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}";
}
{
assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false;
message = "actual systemd service must have DynamicUser enabled to use private directory";
}
];
}
(lib.mkIf (!config.services.actual.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.actual.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${dataDirectory}" = {
owner.name = "actual";
group.name = "actual";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/bazarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: {
imports = [
./impermanence.nix
./storage.nix
];
}

33
modules/nixos-modules/server/bazarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
bazarr_data_directory = "/var/lib/bazarr";
in {
options.services.bazarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.bazarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.bazarr.impermanence.enable {
assertions = [
{
assertion = config.services.bazarr.dataDir == bazarr_data_directory;
message = "bazarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = bazarr_data_directory;
user = "bazarr";
group = "bazarr";
}
];
};
};
}

36
modules/nixos-modules/server/bazarr/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
bazarr_data_directory = "/var/lib/bazarr";
in {
options.services.bazarr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.bazarr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.bazarr.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.bazarr.dataDir == bazarr_data_directory;
message = "bazarr data directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.bazarr.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.bazarr.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${bazarr_data_directory}" = {
owner.name = "bazarr";
group.name = "bazarr";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/crab-hole/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
imports = [
./crab-hole.nix
./impermanence.nix
./storage.nix
];
}

33
modules/nixos-modules/server/crab-hole/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
workingDirectory = "/var/lib/private/crab-hole";
in {
options.services.crab-hole = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.crab-hole.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.crab-hole.impermanence.enable {
assertions = [
{
assertion =
config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory);
message = "crab-hole working directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = workingDirectory;
user = "crab-hole";
group = "crab-hole";
}
];
};
};
}

37
modules/nixos-modules/server/crab-hole/storage.nix Normal file
View file

@ -0,0 +1,37 @@
{
lib,
config,
...
}: let
workingDirectory = "/var/lib/private/crab-hole";
in {
options.services.crab-hole.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.crab-hole.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.crab-hole.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion =
config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory);
message = "crab-hole working directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.crab-hole.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.crab-hole.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${workingDirectory}" = {
owner.name = "crab-hole";
group.name = "crab-hole";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/fail2ban/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
imports = [
./fail2ban.nix
./impermanence.nix
./storage.nix
];
}

34
modules/nixos-modules/server/fail2ban/impermanence.nix
View file

@ -1,34 +0,0 @@
{
lib,
config,
...
}: let
dataFolder = "/var/lib/fail2ban";
dataFile = "fail2ban.sqlite3";
in {
options.services.fail2ban = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.fail2ban.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.fail2ban.impermanence.enable {
assertions = [
{
assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}";
message = "fail2ban data file does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = dataFolder;
user = "fail2ban";
group = "fail2ban";
}
];
};
};
}

37
modules/nixos-modules/server/fail2ban/storage.nix Normal file
View file

@ -0,0 +1,37 @@
{
lib,
config,
...
}: let
dataFolder = "/var/lib/fail2ban";
dataFile = "fail2ban.sqlite3";
in {
options.services.fail2ban.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.fail2ban.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.fail2ban.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}";
message = "fail2ban data file does not match persistence";
}
];
}
(lib.mkIf (!config.services.fail2ban.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.fail2ban.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${dataFolder}" = {
owner.name = "fail2ban";
group.name = "fail2ban";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/flaresolverr/default.nix
View file

@ -1,5 +1,5 @@
{...}: {
imports = [
./impermanence.nix
./storage.nix
];
}

26
modules/nixos-modules/server/flaresolverr/impermanence.nix
View file

@ -1,26 +0,0 @@
{
lib,
config,
...
}: {
options.services.flaresolverr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.flaresolverr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.flaresolverr.impermanence.enable {
# FlareSolverr typically doesn't need persistent storage as it's a proxy service
# but we'll add basic structure in case it's needed for logs or configuration
environment.persistence."/persist/system/root" = {
directories = [
{
directory = "/var/lib/flaresolverr";
user = "flaresolverr";
group = "flaresolverr";
}
];
};
};
}

26
modules/nixos-modules/server/flaresolverr/storage.nix Normal file
View file

@ -0,0 +1,26 @@
{
lib,
config,
...
}: {
options.services.flaresolverr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.flaresolverr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.flaresolverr.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
(lib.mkIf (!config.services.flaresolverr.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.flaresolverr.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."/var/lib/flaresolverr" = {
owner.name = "flaresolverr";
group.name = "flaresolverr";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/forgejo/default.nix
View file

@ -4,6 +4,6 @@
./proxy.nix
./database.nix
./fail2ban.nix
./impermanence.nix
./storage.nix
];
}

35
modules/nixos-modules/server/forgejo/impermanence.nix
View file

@ -1,35 +0,0 @@
{
lib,
config,
...
}: let
stateDir = "/var/lib/forgejo";
in {
options.services.forgejo = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.forgejo.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.forgejo.impermanence.enable {
assertions = [
{
assertion = config.services.forgejo.stateDir == stateDir;
message = "forgejo state directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = stateDir;
user = "forgejo";
group = "forgejo";
}
];
};
};
}

36
modules/nixos-modules/server/forgejo/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
stateDir = "/var/lib/forgejo";
in {
options.services.forgejo.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.forgejo.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.forgejo.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.forgejo.stateDir == stateDir;
message = "forgejo state directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.forgejo.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.forgejo.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${stateDir}" = {
owner.name = "forgejo";
group.name = "forgejo";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/home-assistant/default.nix
View file

@ -4,7 +4,7 @@
./proxy.nix
./database.nix
./fail2ban.nix
./impermanence.nix
./storage.nix
./extensions
];
}

26
modules/nixos-modules/server/home-assistant/impermanence.nix
View file

@ -1,26 +0,0 @@
{
lib,
config,
...
}: let
configDir = "/var/lib/hass";
in
lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) {
assertions = [
{
assertion = config.services.home-assistant.configDir == configDir;
message = "home assistant config directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = configDir;
user = "hass";
group = "hass";
}
];
};
}

36
modules/nixos-modules/server/home-assistant/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
configDir = "/var/lib/hass";
in {
options.services.home-assistant.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.home-assistant.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.home-assistant.configDir == configDir;
message = "home assistant config directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.home-assistant.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.home-assistant.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${configDir}" = {
owner.name = "hass";
group.name = "hass";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/immich/default.nix
View file

@ -3,7 +3,7 @@
./proxy.nix
./database.nix
./fail2ban.nix
./impermanence.nix
./storage.nix
];
# NOTE: This shouldn't be needed now that we are out of testing

32
modules/nixos-modules/server/immich/impermanence.nix
View file

@ -1,32 +0,0 @@
{
lib,
config,
...
}: let
mediaLocation = "/var/lib/immich";
in {
options.services.immich = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.immich.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.immich.impermanence.enable {
assertions = [
{
assertion = config.services.immich.mediaLocation == mediaLocation;
message = "immich media location does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = mediaLocation;
user = "immich";
group = "immich";
}
];
};
};
}

36
modules/nixos-modules/server/immich/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
mediaLocation = "/var/lib/immich";
in {
options.services.immich.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.immich.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.immich.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.immich.mediaLocation == mediaLocation;
message = "immich media location does not match persistence";
}
];
}
(lib.mkIf (!config.services.immich.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.immich.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${mediaLocation}" = {
owner.name = "immich";
group.name = "immich";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/jackett/default.nix
View file

@ -1,5 +1,5 @@
{...}: {
imports = [
./impermanence.nix
./storage.nix
];
}

33
modules/nixos-modules/server/jackett/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
jackett_data_directory = "/var/lib/jackett/.config/Jackett";
in {
options.services.jackett = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jackett.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.jackett.impermanence.enable {
assertions = [
{
assertion = config.services.jackett.dataDir == jackett_data_directory;
message = "jackett data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = jackett_data_directory;
user = "jackett";
group = "jackett";
}
];
};
};
}

36
modules/nixos-modules/server/jackett/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
jackett_data_directory = "/var/lib/jackett/.config/Jackett";
in {
options.services.jackett.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jackett.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.jackett.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.jackett.dataDir == jackett_data_directory;
message = "jackett data directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.jackett.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.jackett.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${jackett_data_directory}" = {
owner.name = "jackett";
group.name = "jackett";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/jellyfin/default.nix
View file

@ -3,6 +3,6 @@
./jellyfin.nix
./proxy.nix
./fail2ban.nix
./impermanence.nix
./storage.nix
];
}

73
modules/nixos-modules/server/jellyfin/impermanence.nix
View file

@ -1,73 +0,0 @@
{
lib,
config,
...
}: let
jellyfin_data_directory = "/var/lib/jellyfin";
jellyfin_cache_directory = "/var/cache/jellyfin";
in {
options.services.jellyfin = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jellyfin.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.jellyfin.impermanence.enable {
fileSystems."/persist/system/jellyfin".neededForBoot = true;
host.storage.pool.extraDatasets = {
# sops age key needs to be available to pre persist for user generation
"persist/system/jellyfin" = {
type = "zfs_fs";
mountpoint = "/persist/system/jellyfin";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
};
assertions = [
{
assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
message = "jellyfin data directory does not match persistence";
}
{
assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
message = "jellyfin cache directory does not match persistence";
}
];
environment.persistence = {
"/persist/system/root" = {
directories = [
{
directory = jellyfin_data_directory;
user = "jellyfin";
group = "jellyfin";
}
{
directory = jellyfin_cache_directory;
user = "jellyfin";
group = "jellyfin";
}
];
};
"/persist/system/jellyfin" = {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.jellyfin.media_directory;
user = "jellyfin";
group = "jellyfin_media";
mode = "1770";
}
];
};
};
};
}

76
modules/nixos-modules/server/jellyfin/storage.nix Normal file
View file

@ -0,0 +1,76 @@
{
lib,
config,
...
}: let
jellyfin_data_directory = "/var/lib/jellyfin";
jellyfin_cache_directory = "/var/cache/jellyfin";
in {
options.services.jellyfin.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jellyfin.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.jellyfin.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
message = "jellyfin data directory does not match persistence";
}
{
assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
message = "jellyfin cache directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.jellyfin.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.jellyfin.impermanence.enable {
storage.impermanence.datasets = {
"persist/system/root" = {
directories = {
"${jellyfin_data_directory}" = {
enable = true;
owner.name = "jellyfin";
group.name = "jellyfin";
};
"${jellyfin_cache_directory}" = {
enable = true;
owner.name = "jellyfin";
group.name = "jellyfin";
};
};
};
"persist/system/jellyfin" = {
atime = "off";
relatime = "off";
directories."${config.services.jellyfin.media_directory}" = {
enable = true;
owner.name = "jellyfin";
group.name = "jellyfin_media";
owner.permissions = {
read = true;
write = true;
execute = true;
};
group.permissions = {
read = true;
write = true;
execute = true;
};
other.permissions = {
read = false;
write = false;
execute = false;
};
};
};
};
})
]))
]);
}

2
modules/nixos-modules/server/lidarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: {
imports = [
./impermanence.nix
./storage.nix
];
}

33
modules/nixos-modules/server/lidarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr";
in {
options.services.lidarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.lidarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.lidarr.impermanence.enable {
assertions = [
{
assertion = config.services.lidarr.dataDir == lidarr_data_directory;
message = "lidarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = lidarr_data_directory;
user = "lidarr";
group = "lidarr";
}
];
};
};
}

36
modules/nixos-modules/server/lidarr/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr";
in {
options.services.lidarr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.lidarr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.lidarr.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.lidarr.dataDir == lidarr_data_directory;
message = "lidarr data directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.lidarr.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.lidarr.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${lidarr_data_directory}" = {
owner.name = "lidarr";
group.name = "lidarr";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/panoramax/default.nix
View file

@ -2,7 +2,7 @@
imports = [
./proxy.nix
./fail2ban.nix
./impermanence.nix
./storage.nix
./panoramax.nix
./database.nix
];

20
modules/nixos-modules/server/panoramax/impermanence.nix
View file

@ -1,20 +0,0 @@
{
lib,
config,
...
}: {
options.services.panoramax = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.panoramax.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.panoramax.impermanence.enable {
# TODO: configure impermanence for panoramax data
# This would typically include directories like:
# - /var/lib/panoramax
# - panoramax storage directories
# - any cache or temporary directories that need to persist
};
}

33
modules/nixos-modules/server/panoramax/storage.nix Normal file
View file

@ -0,0 +1,33 @@
{
lib,
config,
...
}: {
options.services.panoramax.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.panoramax.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
# TODO: configure impermanence for panoramax data
# This would typically include directories like:
# - /var/lib/panoramax
# - panoramax storage directories
# - any cache or temporary directories that need to persist
}
(lib.mkIf (!config.services.panoramax.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.panoramax.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."/var/lib/panoramax" = {
owner.name = "panoramax";
group.name = "panoramax";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/paperless/default.nix
View file

@ -4,6 +4,6 @@
./proxy.nix
./database.nix
./fail2ban.nix
./impermanence.nix
./storage.nix
];
}

32
modules/nixos-modules/server/paperless/impermanence.nix
View file

@ -1,32 +0,0 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/paperless";
in {
options.services.paperless = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.paperless.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.paperless.impermanence.enable {
assertions = [
{
assertion = config.services.paperless.dataDir == dataDir;
message = "paperless data location does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = dataDir;
user = "paperless";
group = "paperless";
}
];
};
};
}

36
modules/nixos-modules/server/paperless/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/paperless";
in {
options.services.paperless.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.paperless.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.paperless.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.paperless.dataDir == dataDir;
message = "paperless data location does not match persistence";
}
];
}
(lib.mkIf (!config.services.paperless.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.paperless.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${dataDir}" = {
owner.name = "paperless";
group.name = "paperless";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/postgres/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
imports = [
./postgres.nix
./impermanence.nix
./storage.nix
];
}

27
modules/nixos-modules/server/postgres/impermanence.nix
View file

@ -1,27 +0,0 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/postgresql/16";
in {
config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) {
assertions = [
{
assertion = config.services.postgresql.dataDir == dataDir;
message = "postgres data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = dataDir;
user = "postgres";
group = "postgres";
}
];
};
};
}

36
modules/nixos-modules/server/postgres/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/postgresql/16";
in {
options.services.postgresql.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.postgresql.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.postgresql.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.postgresql.dataDir == dataDir;
message = "postgres data directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.postgresql.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.postgresql.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${dataDir}" = {
owner.name = "postgres";
group.name = "postgres";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/qbittorent/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
imports = [
./qbittorent.nix
./impermanence.nix
./storage.nix
];
}

61
modules/nixos-modules/server/qbittorent/impermanence.nix
View file

@ -1,61 +0,0 @@
{
lib,
config,
...
}: let
qbittorent_profile_directory = "/var/lib/qBittorrent/";
in {
options.services.qbittorrent = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.qbittorrent.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.qbittorrent.impermanence.enable {
fileSystems."/persist/system/qbittorrent".neededForBoot = true;
host.storage.pool.extraDatasets = {
# sops age key needs to be available to pre persist for user generation
"persist/system/qbittorrent" = {
type = "zfs_fs";
mountpoint = "/persist/system/qbittorrent";
options = {
canmount = "on";
};
};
};
assertions = [
{
assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
message = "qbittorrent data directory does not match persistence";
}
];
environment.persistence = {
"/persist/system/root" = {
directories = [
{
directory = qbittorent_profile_directory;
user = "qbittorrent";
group = "qbittorrent";
}
];
};
"/persist/system/qbittorrent" = {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.qbittorrent.mediaDir;
user = "qbittorrent";
group = "qbittorrent";
mode = "1775";
}
];
};
};
};
}

62
modules/nixos-modules/server/qbittorent/storage.nix Normal file
View file

@ -0,0 +1,62 @@
{
lib,
config,
...
}: let
qbittorent_profile_directory = "/var/lib/qBittorrent/";
in {
options.services.qbittorrent.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.qbittorrent.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
message = "qbittorrent data directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.qbittorrent.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(
lib.mkIf config.services.qbittorrent.impermanence.enable
{
storage.impermanence.datasets = {
"persist/system/root" = {
directories."${qbittorent_profile_directory}" = {
owner.name = "qbittorrent";
group.name = "qbittorrent";
};
};
"persist/system/qbittorrent" = {
directories."${config.services.qbittorrent.mediaDir}" = {
owner.name = "qbittorrent";
group.name = "qbittorrent";
owner.permissions = {
read = true;
write = true;
execute = true;
};
group.permissions = {
read = true;
write = true;
execute = true;
};
other.permissions = {
read = true;
write = false;
execute = true;
};
};
};
};
}
)
]))
]);
}

2
modules/nixos-modules/server/radarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: {
imports = [
./impermanence.nix
./storage.nix
];
}

33
modules/nixos-modules/server/radarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
radarr_data_directory = "/var/lib/radarr/.config/Radarr";
in {
options.services.radarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.radarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.radarr.impermanence.enable {
assertions = [
{
assertion = config.services.radarr.dataDir == radarr_data_directory;
message = "radarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = radarr_data_directory;
user = "radarr";
group = "radarr";
}
];
};
};
}

36
modules/nixos-modules/server/radarr/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
radarr_data_directory = "/var/lib/radarr/.config/Radarr";
in {
options.services.radarr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.radarr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.radarr.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.radarr.dataDir == radarr_data_directory;
message = "radarr data directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.radarr.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.radarr.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${radarr_data_directory}" = {
owner.name = "radarr";
group.name = "radarr";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/reverseProxy/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
imports = [
./reverseProxy.nix
./impermanence.nix
./storage.nix
];
}

21
modules/nixos-modules/server/reverseProxy/impermanence.nix
View file

@ -1,21 +0,0 @@
{
lib,
config,
...
}: let
dataDir = "/var/lib/acme";
in {
config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) {
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = dataDir;
user = "acme";
group = "acme";
}
];
};
};
}

28
modules/nixos-modules/server/reverseProxy/storage.nix Normal file
View file

@ -0,0 +1,28 @@
{
lib,
config,
...
}: let
dataDir = "/var/lib/acme";
in {
options.services.reverseProxy.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.reverseProxy.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.reverseProxy.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
(lib.mkIf (!config.services.reverseProxy.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.reverseProxy.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${dataDir}" = {
owner.name = "acme";
group.name = "acme";
};
};
})
]))
]);
}

2
modules/nixos-modules/server/sonarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: {
imports = [
./impermanence.nix
./storage.nix
];
}

33
modules/nixos-modules/server/sonarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone";
in {
options.services.sonarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.sonarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.sonarr.impermanence.enable {
assertions = [
{
assertion = config.services.sonarr.dataDir == sonarr_data_directory;
message = "sonarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = sonarr_data_directory;
user = "sonarr";
group = "sonarr";
}
];
};
};
}

36
modules/nixos-modules/server/sonarr/storage.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
config,
...
}: let
sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone";
in {
options.services.sonarr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.sonarr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.sonarr.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
assertions = [
{
assertion = config.services.sonarr.dataDir == sonarr_data_directory;
message = "sonarr data directory does not match persistence";
}
];
}
(lib.mkIf (!config.services.sonarr.impermanence.enable) {
# TODO: placeholder to configure a unique dataset for this service
})
(lib.mkIf config.services.sonarr.impermanence.enable {
storage.impermanence.datasets."persist/system/root" = {
directories."${sonarr_data_directory}" = {
owner.name = "sonarr";
group.name = "sonarr";
};
};
})
]))
]);
}