Move lastfm-status to module

2024-03-30 00:15:16 +02:00 · 2024-03-30 00:15:16 +02:00 · 10c95fe8bc
commit 10c95fe8bc
parent aee78ca718
2 changed files with 56 additions and 30 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -12,6 +12,7 @@ in {
    ./hardware-configuration.nix
    ./containers.nix
    ./caddy.nix
+    ./modules/lastfm-status.nix
    inputs.common-modules.nixosModules.nixos-upgrade
    inputs.common-modules.nixosModules.qbittorrent-nox
    inputs.common-modules.nixosModules.unpackerr
@ -93,36 +94,6 @@ in {
      };
      wantedBy = ["default.target"];
    };
-
-    lastfm-status = let
-      package = inputs.lastfm-status.packages.${system}.default;
-    in {
-      enable = true;
-      serviceConfig = {
-        DynamicUser = true;
-        ProtectSystem = "full";
-        ProtectHome = "yes";
-        DeviceAllow = [""];
-        LockPersonality = true;
-        MemoryDenyWriteExecute = true;
-        PrivateDevices = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectProc = "invisible";
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        SystemCallArchitectures = "native";
-        PrivateUsers = true;
-        ExecStart = "${lib.getExe package} --port ${toString settings.ports.lastfm}";
-        Restart = "always";
-      };
-      wantedBy = ["default.target"];
-    };
  };

  fileSystems = {
@ -280,6 +251,11 @@ in {
  ];

  services = {
+    lastfm-status = {
+      enable = true;
+      package = inputs.lastfm-status.packages.${system}.default;
+      port = settings.ports.lastfm;
+    };
    unpackerr = {
      enable = true;

--- a/modules/lastfm-status.nix
+++ b/modules/lastfm-status.nix
@ -0,0 +1,50 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.services.lastfm-status;
+in {
+  options.services.lastfm-status = {
+    enable = lib.mkEnableOption "lastfm-status";
+
+    package = lib.mkOption {
+      description = "package to use";
+    };
+
+    port = lib.mkOption {
+      type = lib.types.int;
+      description = "port to run http api on";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.lastfm-status = {
+      enable = true;
+      serviceConfig = {
+        DynamicUser = true;
+        ProtectSystem = "full";
+        ProtectHome = "yes";
+        DeviceAllow = [""];
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        PrivateDevices = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        PrivateUsers = true;
+        ExecStart = "${lib.getExe cfg.package} --port ${toString cfg.port}";
+        Restart = "always";
+      };
+      wantedBy = ["default.target"];
+    };
+  };
+}