refactor(nixos): use new persistDirs option and remove environment.persistence where possible

2025-06-14 19:59:42 +08:00 · 2025-06-14 19:59:42 +08:00 · 77d8ed7a13
commit 77d8ed7a13
parent 16b7f375bd
9 changed files with 98 additions and 36 deletions
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -0,0 +1,46 @@
+{ lib, config, ... }:
+let
+  inherit (lib) mkOption;
+  inherit (lib.types)
+    listOf
+    str
+    coercedTo
+    submodule
+    ;
+  rootDir = submodule {
+    options = {
+      directory = mkOption { type = str; };
+      user = mkOption {
+        type = str;
+        default = "root";
+      };
+      group = mkOption {
+        type = str;
+        default = "root";
+      };
+      mode = mkOption {
+        type = str;
+        default = "0755";
+      };
+    };
+  };
+in
+{
+  options = {
+    persistDirs = mkOption {
+      type = listOf (coercedTo str (d: { directory = d; }) rootDir);
+      default = [ ];
+    };
+  };
+
+  config = {
+    # Helper options
+    environment.persistence."/persist".directories = config.persistDirs;
+
+    # Global options
+    persistDirs = [
+      "/var/lib/systemd"
+      "/var/lib/nixos"
+    ];
+  };
+}
--- a/modules/nixos/hardware/btrfs.nix
+++ b/modules/nixos/hardware/btrfs.nix
@ -84,12 +84,9 @@ in
          	  '';
        programs.fuse.userAllowOther = true;
        fileSystems."/persist".neededForBoot = true;
+        #FIXME: below should be in module or something
        environment.persistence."/persist" = {
          hideMounts = true;
-          directories = [
-            "/var/lib/systemd"
-            "/var/lib/nixos"
-          ];
          files = [
            "/etc/ssh/ssh_host_ed25519_key"
            "/etc/ssh/ssh_host_ed25519_key.pub"
--- a/modules/nixos/hardware/default.nix
+++ b/modules/nixos/hardware/default.nix
@ -52,7 +52,7 @@ in
        ];
      };
      services.fwupd.enable = true;
-      environment.persistence."/persist".directories = lib.singleton "/var/lib/bluetooth";
+      persistDirs = singleton "/var/lib/bluetooth";
      hardware.bluetooth = {
        enable = true;
        settings.General.Experimental = true;
--- a/modules/nixos/hardware/networking.nix
+++ b/modules/nixos/hardware/networking.nix
@ -1,4 +1,7 @@
 { config, lib, ... }:
+let
+  inherit (lib) singleton;
+in
 {
  config = {
    networking = {
@ -19,6 +22,6 @@
      enable = true;
      authKeyFile = config.sops.secrets."keys/tailscale".path;
    };
-    environment.persistence."/persist".directories = [ "/var/lib/tailscale" ];
+    persistDirs = singleton "/var/lib/tailscale";
  };
 }
--- a/modules/nixos/server/databases/default.nix
+++ b/modules/nixos/server/databases/default.nix
@ -5,6 +5,7 @@
  ...
 }:
 let
+  inherit (lib) singleton;
  cfg = config.server.databases;
 in
 {
@ -26,13 +27,11 @@ in
  config = lib.mkMerge [
    (lib.mkIf cfg.postgresql.enable {
      networking.firewall.allowedTCPPorts = lib.singleton cfg.postgresql.port;
-      environment.persistence."/persist".directories = [
-        {
-          directory = builtins.toString config.services.postgresql.dataDir;
-          user = "postgres";
-          group = "postgres";
-        }
-      ];
+      persistDirs = singleton {
+        directory = builtins.toString config.services.postgresql.dataDir;
+        user = "postgres";
+        group = "postgres";
+      };
      services.postgresql = {
        enable = true;
        enableTCPIP = true;
@ -48,13 +47,11 @@ in
    })
    (lib.mkIf cfg.mongodb.enable {
      networking.firewall.allowedTCPPorts = [ cfg.mongodb.port ];
-      environment.persistence."/persist".directories = [
-        {
-          directory = builtins.toString config.services.mongodb.dbpath;
-          user = "mongodb";
-          group = "mongodb";
-        }
-      ];
+      persistDirs = singleton {
+        directory = builtins.toString config.services.mongodb.dbpath;
+        user = "mongodb";
+        group = "mongodb";
+      };
      services.mongodb = {
        enable = true;
        bind_ip = "0.0.0.0";
@ -65,13 +62,11 @@ in
    })
    (lib.mkIf cfg.mysql.enable {
      networking.firewall.allowedTCPPorts = [ cfg.mysql.port ];
-      environment.persistence."/persist".directories = [
-        {
-          directory = builtins.toString config.services.mysql.dataDir;
-          user = "mysql";
-          group = "mysql";
-        }
-      ];
+      persistDirs = singleton {
+        directory = builtins.toString config.services.mysql.dataDir;
+        user = "mysql";
+        group = "mysql";
+      };
      services.mysql = {
        enable = true;
        package = pkgs.mariadb;
--- a/modules/nixos/server/web-apps/librechat/default.nix
+++ b/modules/nixos/server/web-apps/librechat/default.nix
@ -23,7 +23,7 @@ in
  };

  config = mkIf cfg.enable {
-    environment.persistence."/persist".directories = singleton {
+    persistDirs = singleton {
      directory = upstreamCfg.logDir;
      inherit (upstreamCfg) user group;
    };
--- a/modules/nixos/server/web-apps/mattermost/default.nix
+++ b/modules/nixos/server/web-apps/mattermost/default.nix
@ -33,7 +33,7 @@ in
        message = "You must enable a local instance of postgresql.";
      }
    ];
-    environment.persistence."/persist".directories = [
+    persistDirs = [
      (mkDir cfg.configDir)
      (mkDir cfg.logDir)
      (mkDir cfg.dataDir)
--- a/modules/nixos/server/web-apps/sd-webui-forge/default.nix
+++ b/modules/nixos/server/web-apps/sd-webui-forge/default.nix
@ -0,0 +1,27 @@
+{ config, lib, ... }:
+let
+  inherit (lib) singleton mkEnableOption mkIf;
+  cfg = config.server.sd-webui-forge;
+  upstreamCfg = config.services.sd-webui-forge;
+in
+{
+  options.server.sd-webui-forge = {
+    enable = mkEnableOption "";
+  };
+
+  config = mkIf cfg.enable {
+    assertions = singleton {
+      assertion = config.hardware.gpu == "nvidia";
+      message = "You must run the sd-webui-forge service only with an nvidia gpu.";
+    };
+    persistDirs = singleton {
+      directory = upstreamCfg.dataDir;
+      inherit (upstreamCfg) user group;
+    };
+    services.sd-webui-forge = {
+      enable = true;
+      listen = true;
+      extraArgs = "--cuda-malloc";
+    };
+  };
+}
--- a/systems/x86_64-linux/nemesis/default.nix
+++ b/systems/x86_64-linux/nemesis/default.nix
@ -38,11 +38,5 @@
    };
  };

-  services = {
-    sd-webui-forge = {
-      enable = true;
-      listen = true;
-      extraArgs = "--cuda-malloc";
-    };
-  };
+  server.sd-webui-forge.enable = true;
 }