refactor: move services out of systems/tewi/

2026-02-09 12:29:19 -08:00 · 2024-01-09 13:12:55 -08:00 · 2024-01-09 13:12:55 -08:00 · 5a661e8809
commit 5a661e8809
parent 2f68968238
30 changed files with 992 additions and 638 deletions
--- a/nixos/syncplay.nix
+++ b/nixos/syncplay.nix
@ -0,0 +1,42 @@
+{
+  config,
+  lib,
+  pkgs,
+  utils,
+  ...
+}:
+with lib; let
+  cfg = config.services.syncplay;
+  args =
+    [
+      "--disable-ready"
+      "--port"
+      cfg.port
+    ]
+    ++ optionals (cfg.certDir != null) ["--tls" cfg.certDir];
+in {
+  sops.secrets.syncplay-env.owner = cfg.user;
+
+  users.users.${cfg.user} = {
+    inherit (cfg) group;
+    isSystemUser = true;
+    home = "/var/lib/syncplay";
+  };
+  users.groups.${cfg.group} = {};
+
+  networking.firewall.allowedTCPPorts = [cfg.port];
+
+  services.syncplay = {
+    enable = true;
+    user = "syncplay";
+  };
+  systemd.services.syncplay = mkIf cfg.enable {
+    serviceConfig = {
+      StateDirectory = "syncplay";
+      EnvironmentFile = singleton config.sops.secrets.syncplay-env.path;
+      ExecStart = mkForce [
+        "${pkgs.syncplay-nogui}/bin/syncplay-server ${utils.escapeSystemdExecArgs args}"
+      ];
+    };
+  };
+}