Move server to persistence, still have stuff to fix

hosts/kitty/boot/default.nix

@@ -1,11 +1,7 @@
 { config, lib, pkgs, ... }:
 {
-  boot = {
+  boot.swraid = {
-    kernelPackages = pkgs.linuxPackages_hardened;
-    initrd.systemd.services.root-reset.enable = lib.mkForce false;
-    swraid = {
     enable = true;
     mdadmConf = "MAILADDR contact@${config.domains.p2}";
   };
-  };
 }

hosts/kitty/default.nix

@@ -14,13 +14,12 @@
     hostId = "38ba3f57";
   };
 
-  environment.persistence."/persist".enable = lib.mkForce false;
-
   system = {
     desktop.enable = false;
     server.enable = true;
+    webserver.enable = true;
     fileserver.enable = true;
-    socials.enable = true;
+    socialserver.enable = true;
     wireless.enable = false;
     wireguard.server.enable = true;
     stateVersion = "24.05";

hosts/kitty/filesystems/default.nix

@@ -4,22 +4,23 @@
     "/" = {
       device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
       fsType = "btrfs";
-      options = [ "subvol=@" ];
+      options = [ "subvol=root" ];
     };
-    "/home" = {
+    "/prev" = {
       device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
       fsType = "btrfs";
-      options = [ "subvol=@home" ];
+      options = [ "subvol=prev" ];
+    };
+    "/persist" = {
+      device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
+      fsType = "btrfs";
+      neededForBoot = true;
+      options = [ "subvol=persist" "compress=zstd" ];
     };
     "/nix" = {
       device = "/dev/disk/by-uuid/b8b7ed47-c98c-4a49-af01-b2832dde1287";
       fsType = "btrfs";
-      options = [ "subvol=@nix" ];
+      options = [ "subvol=nix" ];
-    };
-    "/var" = {
-      device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
-      fsType = "btrfs";
-      options = [ "subvol=@var" ];
     };
     "/boot" = {
       device = "/dev/disk/by-uuid/CD94-1D3F";
@@ -28,23 +29,12 @@
     };
 
     # Subvols and bindmounts
-    "/persist" = {
-      device = "/dev/disk/by-uuid/acf95700-8669-45c7-9a72-bf3215b3c325";
-      fsType = "btrfs";
-      options = [ "subvol=persist" "compress=zstd" ];
-    };
     "/export/KittyNFS" = {
       depends = [ "/persist" ];
       device = "/persist/export/KittyNFS";
       fsType = "none";
       options = [ "bind" ];
     };
-    "/srv/minecraft" = {
-      depends = [ "/persist" ];
-      device = "/persist/srv/minecraft";
-      fsType = "none";
-      options = [ "bind" ];
-    };
   };
 
   swapDevices = [

modules/system/services/server/acme/default.nix

@@ -1,7 +0,0 @@
-{ config, ... }:
-{
-  security.acme = { 
-    acceptTerms = true;
-    defaults.email = "contact@${config.domains.p2}";
-  };
-}

modules/system/services/server/ddclient/default.nix

@@ -1,21 +0,0 @@
-{ pkgs, config, ... }:
-{
-  services.ddclient = {
-    enable = config.system.server.enable;
-    protocol = "cloudflare";
-    zone = "${config.domains.p2}";
-    usev6 = "";
-    username = "token";
-    passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
-    domains = [
-      "${config.domains.p2}"
-      "*.${config.domains.p2}"
-      "sv.${config.domains.p2}"
-      "git.${config.domains.p2}"
-      "turn.${config.domains.p2}"
-      "dew.${config.domains.p2}"
-      "john.${config.domains.p2}"
-      "rogue.${config.domains.p2}"
-    ];
-  };
-}

modules/system/services/server/default.nix

@@ -1,17 +1,15 @@
 { ... }:
 {
   imports = [
-    ./acme
-    ./ddclient
     ./fileserver
     ./forgejo
     ./icecast
     ./mailserver
     ./minecraft
     ./mysql
-    ./nginx
+    ./socialserver
-    ./social
     ./transmission
     ./vaultwarden
+    ./webserver
   ];
 }

modules/system/services/server/fileserver/jellyfin/default.nix

@@ -1,8 +1,13 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
   imports = [
     ./nginx
   ];
 
-  services.jellyfin.enable = config.system.fileserver.enable;
+  config = lib.mkIf config.system.fileserver.enable {
+    services.jellyfin.enable = true;
+    environment.persistence."/persist".directories = [
+      "/var/lib/jellyfin"
+    ];
+  };
 }

modules/system/services/server/fileserver/nextcloud/default.nix

@@ -1,15 +1,15 @@
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 {
   imports = [
     ./collabora
     ./nginx
   ];
 
+  config = lib.mkIf config.system.fileserver.enable {
     services.nextcloud = {
-    enable = config.system.fileserver.enable;
+      enable = true;
       package = pkgs.nextcloud30;
       hostName = "cloud.${config.domains.p2}";
-    datadir = "/mnt/nextcloud";
       https = true;
       config = {
         adminuser = config.sysusers.main;
@@ -29,4 +29,8 @@
         mail_smtpport = 587;
       };
     };
+    environment.persistence."/persist".directories = [
+      "/var/lib/nextcloud"
+    ];
+  };
 }

modules/system/services/server/forgejo/default.nix

@@ -30,5 +30,9 @@
     };
 
     networking.firewall.allowedTCPPorts = [ 2299 ];
+
+    environment.persistence."/persist".directories = [
+      "/var/lib/forgejo"
+    ];
   };
 }

modules/system/services/server/minecraft/default.nix

@@ -1,4 +1,4 @@
-{ minecraft, config, ... }:
+{ minecraft, config, lib, ... }:
 {
   imports = [
     minecraft.nixosModules.minecraft-servers
@@ -10,10 +10,16 @@
     ./servers/uberbeta
   ];
 
+  config = lib.mkIf config.system.server.enable {
     nixpkgs.overlays = [ minecraft.overlay ];
 
     services.minecraft-servers = {
-    enable = config.system.server.enable;
+      enable = true;
       eula = true;
     };
+
+    environment.persistence."/persist".directories = [
+      "/srv/minecraft"
+    ];
+  };
 }

modules/system/services/server/mysql/default.nix

@@ -1,9 +1,9 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 {
+  config = lib.mkIf config.system.server.enable {
     services.mysql = {
-    enable = config.system.server.enable;
+      enable = true;
       package = pkgs.mariadb;
-    dataDir = "/var/lib/mysql";
       ensureDatabases = [
         "minecraft"
       ];
@@ -16,4 +16,8 @@
         }
       ];
     };
+    environment.persistence."/persist".directories = [
+      "/var/lib/mysql"
+    ];
+  };
 }

modules/system/services/server/social/mastodon/default.nix

@@ -1,18 +0,0 @@
-{ pkgs, config, ... }:
-{
-  services.mastodon = {
-    enable = config.system.socials.enable;
-    localDomain = "social.${config.domains.p2}";
-    streamingProcesses = 4;
-    configureNginx = true;
-    smtp = {
-      createLocally = false;
-      host = "mx.${config.domains.p1}";
-      port = 587;
-      authenticate = true;
-      fromAddress = "NixFox Mastodon <noreply@${config.domains.p2}>";
-      user = "noreply@${config.domains.p2}";
-      passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
-    };
-  };
-}

modules/system/services/server/social/matrix/synapse/default.nix

@@ -1,73 +0,0 @@
-{ pkgs, config, ... }:
-{
-  imports = [
-    ./nginx
-  ];
-
-  services.matrix-synapse = {
-    enable = config.system.socials.enable;
-    settings = {
-      server_name = "${config.domains.p1}";
-      public_baseurl = "https://matrix.${config.domains.p1}";
-      suppress_key_server_warning = true;
-
-      listeners = [
-        {
-          port = 8008;
-          bind_addresses = [ "::" "0.0.0.0" ];
-          resources = [{
-            compress = true;
-            names = [
-              "client"
-              "federation"
-            ];
-          }];
-          type = "http";
-          tls = false;
-          x_forwarded = true;
-        }
-      ];
-
-      email = {
-        notif_from = "NixFox Matrix <noreply@${config.domains.p2}>";
-        smtp_host = "mx.${config.domains.p1}";
-        smtp_user = "noreply@${config.domains.p2}";
-        smtp_pass = config.secrets.noreplyPassword;
-        enable_tls = true;
-        smtp_port = 587;
-        require_transport_security = true;
-      };
-
-      # Disable registration without email
-      registrations_require_3pid = [ "email" ];
-
-      # Allow only this range of emails
-      allowed_local_3pids = [
-        {
-          medium = "email";
-          pattern = ''^[^@]+@nixfox\.ca$'';
-        }
-        {
-          medium = "email";
-          pattern = ''^[^@]+@freecorn1854\.win$'';
-        }
-        {
-          medium = "email";
-          pattern = ''^[^@]+@lunamoonlight\.xyz$'';
-        }
-      ];
-
-      # Set the type of database
-      database.name = "sqlite3";
-
-      # Allow account registration
-      enable_registration = true;
-
-      # General settings
-      url_preview_enabled = true;
-      max_upload_size = "50M";
-      report_stats = false;
-      burst_count = 15;
-    };
-  };
-}

modules/system/services/server/social/owncast/default.nix

@@ -1,11 +0,0 @@
-{ config, ... }:
-{
-  imports = [ ./nginx ];
-
-  services.owncast = {
-    enable = config.system.socials.enable;
-    port = 8060;
-    rtmp-port = 1945;
-    listen = "0.0.0.0";
-  };
-}

modules/system/services/server/socialserver/default.nix

@@ -1,6 +1,6 @@
 { lib, ... }:
 {
-  options.system.socials.enable = lib.mkOption {
+  options.system.socialserver.enable = lib.mkOption {
     type = lib.types.bool;
     default = false;
   };

modules/system/services/server/socialserver/mastodon/default.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+{
+  config = lib.mkIf config.system.socialserver.enable {
+    services.mastodon = {
+      enable = true;
+      localDomain = "social.${config.domains.p2}";
+      streamingProcesses = 4;
+      configureNginx = true;
+      smtp = {
+        createLocally = false;
+        host = "mx.${config.domains.p1}";
+        port = 587;
+        authenticate = true;
+        fromAddress = "NixFox Mastodon <noreply@${config.domains.p2}>";
+        user = "noreply@${config.domains.p2}";
+        passwordFile = pkgs.writeText "smtp_pass.txt" config.secrets.noreplyPassword;
+      };
+    };
+    environment.persistence."/persist".directories = [
+      "/var/lib/mastodon"
+    ];
+  };
+}

modules/system/services/server/socialserver/matrix/synapse/default.nix

@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+{
+  imports = [
+    ./nginx
+  ];
+
+  config = lib.mkIf config.system.socialserver.enable {
+    services.matrix-synapse = {
+      enable = true;
+      settings = {
+        server_name = "${config.domains.p1}";
+        public_baseurl = "https://matrix.${config.domains.p1}";
+        suppress_key_server_warning = true;
+
+        listeners = [
+          {
+            port = 8008;
+            bind_addresses = [ "::" "0.0.0.0" ];
+            resources = [{
+              compress = true;
+              names = [
+                "client"
+                "federation"
+              ];
+            }];
+            type = "http";
+            tls = false;
+            x_forwarded = true;
+          }
+        ];
+
+        email = {
+          notif_from = "NixFox Matrix <noreply@${config.domains.p2}>";
+          smtp_host = "mx.${config.domains.p1}";
+          smtp_user = "noreply@${config.domains.p2}";
+          smtp_pass = config.secrets.noreplyPassword;
+          enable_tls = true;
+          smtp_port = 587;
+          require_transport_security = true;
+        };
+
+        # Disable registration without email
+        registrations_require_3pid = [ "email" ];
+
+        # Allow only this range of emails
+        allowed_local_3pids = [
+          {
+            medium = "email";
+            pattern = ''^[^@]+@nixfox\.ca$'';
+          }
+          {
+            medium = "email";
+            pattern = ''^[^@]+@freecorn1854\.win$'';
+          }
+          {
+            medium = "email";
+            pattern = ''^[^@]+@lunamoonlight\.xyz$'';
+          }
+        ];
+
+        # Set the type of database
+        database.name = "sqlite3";
+
+        # Allow account registration
+        enable_registration = true;
+
+        # General settings
+        url_preview_enabled = true;
+        max_upload_size = "50M";
+        report_stats = false;
+        burst_count = 15;
+      };
+    };
+    environment.persistence."/persist".directories = [
+      "/var/lib/matrix-synapse"
+    ];
+  };
+}

modules/system/services/server/socialserver/owncast/default.nix

@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+{
+  imports = [ ./nginx ];
+
+  config = lib.mkIf config.system.socialserver.enable {
+    services.owncast = {
+      enable = true;
+      port = 8060;
+      rtmp-port = 1945;
+      listen = "0.0.0.0";
+    };
+    environment.persistence."/persist".directories = [
+      "/var/lib/owncast"
+    ];
+  };
+}

modules/system/services/server/transmission/default.nix

@@ -1,11 +1,16 @@
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 {
   imports = [ ./nginx ];
 
+  config = lib.mkIf config.system.server.enable {
     services.transmission = {
-    enable = config.system.server.enable;
+      enable = true;
       credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
       openPeerPorts = true;
       settings.rpc-authentication-required = true;
     };
+    environment.persistence."/persist".directories = [
+      "/var/lib/transmission"
+    ];
+  };
 }

modules/system/services/server/vaultwarden/default.nix

@@ -1,9 +1,10 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
   imports = [ ./nginx ];
 
+  config = lib.mkIf config.system.server.enable {
     services.vaultwarden = {
-    enable = config.system.server.enable;
+      enable = true;
       config = {
         DOMAIN = "https://pass.${config.domains.p2}";
         SIGNUPS_ALLOWED = false;
@@ -22,4 +23,8 @@
         SMTP_TIMEOUT = 15;
       };
     };
+    environment.persistence."/persist".directories = [
+      "/var/lib/bitwarden_rs"
+    ];
+  };
 }

modules/system/services/server/webserver/acme/default.nix

@@ -0,0 +1,12 @@
+{ config, lib, ... }:
+{
+  config = lib.mkIf config.system.webserver.enable {
+    security.acme = { 
+      acceptTerms = true;
+      defaults.email = "contact@${config.domains.p2}";
+    };
+    environment.persistence."/persist".directories = [
+      "/var/lib/acme"
+    ];
+  };
+}

modules/system/services/server/webserver/ddclient/default.nix

@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+{
+  config = lib.mkIf config.system.webserver.enable {
+    services.ddclient = {
+      enable = true;
+      protocol = "cloudflare";
+      zone = "${config.domains.p2}";
+      usev6 = "";
+      username = "token";
+      passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
+      domains = [
+        "${config.domains.p2}"
+        "*.${config.domains.p2}"
+        "sv.${config.domains.p2}"
+        "git.${config.domains.p2}"
+        "turn.${config.domains.p2}"
+        "dew.${config.domains.p2}"
+        "john.${config.domains.p2}"
+        "rogue.${config.domains.p2}"
+      ];
+    };
+    environment.persistence."/persist".directories = [
+      "/var/lib/private/ddclient"
+    ];
+  };
+}

modules/system/services/server/webserver/default.nix

@@ -0,0 +1,13 @@
+{ lib, ... }: 
+{
+  options.system.webserver.enable = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+  };
+
+  imports = [
+    ./acme
+    ./ddclient
+    ./nginx
+  ];
+}

modules/system/services/server/webserver/nginx/default.nix

@@ -5,7 +5,7 @@
     ./virtualhosts
   ];
 
-  config = lib.mkIf (config.system.server.enable || config.system.mailserver.enable) {
+  config = lib.mkIf config.system.webserver.enable {
     services.nginx = {
       enable = true;
       recommendedTlsSettings = true;
@@ -14,6 +14,10 @@
       recommendedProxySettings = true;
     };
 
+    environment.persistence."/persist".directories = [
+      "/var/www"
+    ];
+
     networking.firewall.allowedTCPPorts = [
       80
       443