.github
.vscode
docs
hydra
keys
lib
modules
systems
artemision
bob
jeeves
docker
scripts
arch_mirror.nix
configuration.nix
default.nix
hardware.nix
programs.nix
secrets.yaml
services.nix
snapshot_config.toml
vars.nix
jeeves-jr
palatine-hill
rhapsody-in-green
users
utils
.envrc
.gitconfig
.gitignore
.sops.yaml
CONTRIBUTING.md
README.md
checks.nix
flake.lock
flake.nix
shell.nix
sops-mergetool.sh
statix.toml
treefmt.toml
53 lines
1.3 KiB
Nix
53 lines
1.3 KiB
Nix
{
|
|
config,
|
|
inputs,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
systemd = {
|
|
services = {
|
|
plex_permission = {
|
|
description = "maintains /zfs/storage/plex permissions";
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = "${pkgs.bash}/bin/bash ${./scripts/plex_permission.sh}";
|
|
};
|
|
};
|
|
startup_validation = {
|
|
requires = [ "network-online.target" ];
|
|
after = [ "network-online.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
description = "validates startup";
|
|
path = [ pkgs.zfs ];
|
|
serviceConfig = {
|
|
EnvironmentFile = config.sops.secrets."server-validation/webhook".path;
|
|
Type = "oneshot";
|
|
ExecStart = "${inputs.server_tools.packages.x86_64-linux.default}/bin/validate_jeeves";
|
|
};
|
|
};
|
|
};
|
|
timers = {
|
|
plex_permission = {
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig = {
|
|
OnBootSec = "1h";
|
|
OnCalendar = "daily 03:00";
|
|
Unit = "plex_permission.service";
|
|
};
|
|
};
|
|
startup_validation = {
|
|
wantedBy = [ "timers.target" ];
|
|
timerConfig = {
|
|
OnBootSec = "10min";
|
|
Unit = "startup_validation.service";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
sops = {
|
|
defaultSopsFile = ./secrets.yaml;
|
|
secrets."server-validation/webhook".owner = "root";
|
|
};
|
|
}
|