diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix index be35909..227cbac 100644 --- a/modules/nixos/services/aria/default.nix +++ b/modules/nixos/services/aria/default.nix @@ -71,7 +71,7 @@ in my.system.persist.directories = [ cfg.downloadDir - "/var/lib/aria2" + config.users.users.aria2.home ]; # NOTE: unfortunately aria2 does not log connection failures for fail2ban diff --git a/modules/nixos/services/fail2ban/default.nix b/modules/nixos/services/fail2ban/default.nix index 8dcc80d..a40e03e 100644 --- a/modules/nixos/services/fail2ban/default.nix +++ b/modules/nixos/services/fail2ban/default.nix @@ -35,7 +35,7 @@ in }; my.system.persist.directories = [ - "/var/lib/fail2ban" + "/var/lib/${config.systemd.services.fail2ban.serviceConfig.StateDirectory}" ]; }; } diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index b129617..b4fecef 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -29,7 +29,7 @@ in }; my.system.persist.directories = [ - "/var/lib/flood" + "/var/lib/${config.systemd.services.flood.serviceConfig.StateDirectory}" ]; # NOTE: unfortunately flood does not log connection failures for fail2ban diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 58f845d..332ae30 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -67,7 +67,7 @@ in }; my.system.persist.directories = [ - "/var/lib/prowlarr" + "/var/lib/${config.systemd.services.prowlarr.serviceConfig.StateDirectory}" ]; services.fail2ban.jails = { diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 3a421ec..d5de6d5 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -39,7 +39,7 @@ in }; my.system.persist.directories = [ - "/var/lib/jellyfin" + "/var/lib/${config.systemd.services.jellyfin.serviceConfig.StateDirectory}" ]; services.fail2ban.jails = { diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index c69075f..64925a2 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -109,7 +109,7 @@ in }; my.system.persist.directories = [ - "/var/lib/lohr" + "/var/lib/${config.systemd.services.lohr.serviceConfig.StateDirectory}" ]; }; } diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 630231f..920081a 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -74,10 +74,14 @@ in my.services.backup = { paths = [ - "/var/lib/mealie" + config.systemd.services.mealie.environment.DATA_DIR ]; }; + my.system.persist.directories = [ + config.systemd.services.mealie.environment.DATA_DIR + ]; + services.fail2ban.jails = { mealie = '' enabled = true diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 0fc3539..106e01d 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -54,7 +54,7 @@ in }; my.system.persist.directories = [ - "/var/lib/navidrome" + "/var/lib/${config.systemd.services.navidrome.serviceConfig.StateDirectory}" ]; services.fail2ban.jails = { diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 5452dac..e561ce2 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -94,6 +94,7 @@ in my.system.persist.directories = [ config.services.nextcloud.home + config.services.nextcloud.datadir ]; services.fail2ban.jails = { diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index ab69efd..32c1b7d 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -488,7 +488,7 @@ in }; my.system.persist.directories = [ - "/var/lib/acme" + config.users.user.acme.home ]; }; } diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 0754721..22ca8ad 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -148,8 +148,8 @@ in }; my.system.persist.directories = [ - config.services.paperless.dataDir - config.services.paperless.mediaDir + config.services.paperless-ng.dataDir + config.services.paperless-ng.mediaDir ]; }; } diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix index 180e520..0928a14 100644 --- a/modules/nixos/services/pdf-edit/default.nix +++ b/modules/nixos/services/pdf-edit/default.nix @@ -55,7 +55,7 @@ in }; my.system.persist.directories = [ - "/var/lib/stirling-pdf" + "/var/lib/${config.systemd.services.stirling-pdf.serviceConfig.StateDirectory}" ]; services.fail2ban.jails = { diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix index ec5042b..a8ec3b2 100644 --- a/modules/nixos/services/pyload/default.nix +++ b/modules/nixos/services/pyload/default.nix @@ -55,7 +55,7 @@ in my.system.persist.directories = [ cfg.downloadDirectory - "/var/lib/pyload" + "/var/lib/${config.systemd.services.pyload.StateDirectory}" ]; services.fail2ban.jails = { diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index c0f57df..3330b0f 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -26,7 +26,7 @@ let dataDir = if service != "bazarr" then config.services.${service}.dataDir - else "/var/lib/bazarr"; + else config.users.user.${service}.home; in [ dataDir ]; }; diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 0bfa9fe..ea45e74 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -85,14 +85,17 @@ in my.services.backup = { paths = [ - "/var/lib/tandoor-recipes" + "/var/lib/${config.systemd.services.tandoor-recipes.StateDirectory}" + config.systemd.services.tandoor-recipes.environment.MEDIA_ROOT ]; }; my.system.persist.directories = [ - "/var/lib/tandoor-recipes" + "/var/lib/${config.systemd.services.tandoor-recipes.StateDirectory}" + config.systemd.services.tandoor-recipes.environment.MEDIA_ROOT ]; + # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban }; } diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index a5393eb..674fa81 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -92,7 +92,6 @@ in }; my.system.persist.directories = [ - cfg.downloadBase config.services.transmission.home ]; diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index 2e7bb07..3033595 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -50,7 +50,7 @@ in "/etc/machine-id" # Machine-specific ID "/etc/adjtime" # Clock drift factor and offsets ] - ++ lib.unique cfg.files + ++ cfg.files ; directories = [ @@ -63,7 +63,7 @@ in "/var/spool" # FIXME: needed? "/var/tmp" # FIXME: needed? ] - ++ lib.unique cfg.directories + ++ cfg.directories ; }; };