fix

sp-modules/bitwarden/module.nix

@@ -72,28 +72,36 @@ in
         EMERGENCY_ACCESS_ALLOWED = cfg.emergencyAccessAllowed;
       };
     };
-    systemd.services.bitwarden-secrets = {
-      before = [ "vaultwarden.service" ];
-      requiredBy = [ "vaultwarden.service" ];
-      serviceConfig.Type = "oneshot";
-      path = with pkgs; [ coreutils jq ];
-      script = ''
-        set -o nounset
+    systemd = {
+      services = {
+        vaultwarden.serviceConfig.Slice = "bitwarden.slice";
+        bitwarden-secrets = {
+          before = [ "vaultwarden.service" ];
+          requiredBy = [ "vaultwarden.service" ];
+          serviceConfig.Type = "oneshot";
+          path = with pkgs; [ coreutils jq ];
+          script = ''
+            set -o nounset
 
-        token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})"
-        if [ "$token" == "null" ]; then
-            # If it's null, empty the contents of the file
-            bitwarden_env=""
-        else
-            bitwarden_env="ADMIN_TOKEN=$token"
-        fi
+            token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})"
+            if [ "$token" == "null" ]; then
+                # If it's null, empty the contents of the file
+                bitwarden_env=""
+            else
+                bitwarden_env="ADMIN_TOKEN=$token"
+            fi
 
-        install -C -m 0700 -o vaultwarden -g vaultwarden \
-        -d /var/lib/bitwarden
+            install -C -m 0700 -o vaultwarden -g vaultwarden \
+            -d /var/lib/bitwarden
 
-        install -C -m 0600 -o vaultwarden -g vaultwarden -DT \
-        <(printf "%s" "$bitwarden_env") ${bitwarden-env}
-      '';
+            install -C -m 0600 -o vaultwarden -g vaultwarden -DT \
+            <(printf "%s" "$bitwarden_env") ${bitwarden-env}
+          '';
+        };
+      };
+      slices.bitwarden = {
+        description = "Bitwarden service slice";
+      };
     };
     services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
       useACMEHost = sp.domain;
@@ -116,12 +124,5 @@ in
     # NixOS upstream bug? Otherwise, backup-vaultwarden cannot find sqlite DB.
     systemd.services.backup-vaultwarden.unitConfig.ConditionPathExists =
       "/var/lib/bitwarden_rs/db.sqlite3";
-
-    systemd = {
-      services.vaultwarden.serviceConfig.Slice = "bitwarden.slice";
-      slices.bitwarden = {
-        description = "Bitwarden service slice";
-      };
-    };
   };
 }

sp-modules/nextcloud/module.nix

@@ -34,23 +34,35 @@
           ];
         };
       };
-      systemd.services.nextcloud-secrets = {
-        before = [ "nextcloud-setup.service" ];
-        requiredBy = [ "nextcloud-setup.service" ];
-        serviceConfig.Type = "oneshot";
-        path = with pkgs; [ coreutils jq ];
-        script = ''
-          databasePassword=$(jq -re '.modules.nextcloud.databasePassword' ${secrets-filepath})
-          adminPassword=$(jq -re '.modules.nextcloud.adminPassword' ${secrets-filepath})
+      systemd = {
+        services = {
+          phpfpm-nextcloud.serviceConfig.Slice = "nextcloud.slice";
+          nextcloud-setup.serviceConfig.Slice = "nextcloud.slice";
+          nextcloud-cron.serviceConfig.Slice = "nextcloud.slice";
+          nextcloud-update-db.serviceConfig.Slice = "nextcloud.slice";
+          nextcloud-update-plugins.serviceConfig.Slice = "nextcloud.slice";
+          nextcloud-secrets = {
+            before = [ "nextcloud-setup.service" ];
+            requiredBy = [ "nextcloud-setup.service" ];
+            serviceConfig.Type = "oneshot";
+            path = with pkgs; [ coreutils jq ];
+            script = ''
+              databasePassword=$(jq -re '.modules.nextcloud.databasePassword' ${secrets-filepath})
+              adminPassword=$(jq -re '.modules.nextcloud.adminPassword' ${secrets-filepath})
 
-          install -C -m 0440 -o nextcloud -g nextcloud -DT \
-          <(printf "%s\n" "$databasePassword") \
-          ${db-pass-filepath}
+              install -C -m 0440 -o nextcloud -g nextcloud -DT \
+              <(printf "%s\n" "$databasePassword") \
+              ${db-pass-filepath}
 
-          install -C -m 0440 -o nextcloud -g nextcloud -DT \
-          <(printf "%s\n" "$adminPassword") \
-          ${admin-pass-filepath}
-        '';
+              install -C -m 0440 -o nextcloud -g nextcloud -DT \
+              <(printf "%s\n" "$adminPassword") \
+              ${admin-pass-filepath}
+            '';
+          };
+        };
+        slices.nextcloud = {
+          description = "Nextcloud service slice";
+        };
       };
       services.nextcloud = {
         enable = true;
@@ -83,13 +95,5 @@
         useACMEHost = sp.domain;
         forceSSL = true;
       };
-      systemd = {
-        services = {
-          phpfpm-nextcloud.serviceConfig.Slice = "nextcloud.slice";
-        };
-        slices.nextcloud = {
-          description = "Nextcloud service slice";
-        };
-      };
     };
 }

sp-modules/ocserv/module.nix

@@ -75,10 +75,12 @@ in
         proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
       '';
     };
-    systemd.services.ocserv.unitConfig.ConditionPathExists = [ cert key ];
     systemd = {
       services = {
-        ocserv.serviceConfig.Slice = "ocserv.slice";
+        ocserv = {
+          unitConfig.ConditionPathExists = [ cert key ];
+          serviceConfig.Slice = "ocserv.slice";
+        };
       };
       slices.ocserv = {
         description = "ocserv service slice";

sp-modules/pleroma/module.nix

@@ -68,28 +68,7 @@ in
         ];
       };
     };
-    systemd.services.pleroma-secrets = {
-      before = [ "pleroma.service" ];
-      requiredBy = [ "pleroma.service" ];
-      serviceConfig.Type = "oneshot";
-      path = with pkgs; [ coreutils jq ];
-      script = ''
-        set -o nounset
 
-        password="$(jq -re '.databasePassword' ${secrets-filepath})"
-        filecontents=$(cat <<- EOF
-        import Config
-        config :pleroma, Pleroma.Repo,
-          password: "$password"
-        EOF
-        )
-
-        install -C -m 0700 -o pleroma -g pleroma -d /var/lib/pleroma
-
-        install -C -m 0600 -o pleroma -g pleroma -DT \
-        <(printf "%s" "$filecontents") ${secrets-exs}
-      '';
-    };
     environment.etc."setup.psql".text = ''
       CREATE USER pleroma;
       CREATE DATABASE pleroma OWNER pleroma;
@@ -105,8 +84,40 @@ in
       isSystemUser = true;
       group = "pleroma";
     };
-    # seems to be an upstream nixpkgs/nixos bug (missing hexdump)
-    systemd.services.pleroma.path = [ pkgs.util-linux ];
+    systemd = {
+      services = {
+        pleroma-secrets = {
+          before = [ "pleroma.service" ];
+          requiredBy = [ "pleroma.service" ];
+          serviceConfig.Type = "oneshot";
+          path = with pkgs; [ coreutils jq ];
+          script = ''
+            set -o nounset
+
+            password="$(jq -re '.databasePassword' ${secrets-filepath})"
+            filecontents=$(cat <<- EOF
+            import Config
+            config :pleroma, Pleroma.Repo,
+              password: "$password"
+            EOF
+            )
+
+            install -C -m 0700 -o pleroma -g pleroma -d /var/lib/pleroma
+
+            install -C -m 0600 -o pleroma -g pleroma -DT \
+            <(printf "%s" "$filecontents") ${secrets-exs}
+          '';
+        };
+        pleroma = {
+          # seems to be an upstream nixpkgs/nixos bug (missing hexdump)
+          path = [ pkgs.util-linux ];
+          serviceConfig.Slice = "pleroma.slice";
+        };
+      };
+      slices.pleroma = {
+        description = "Pleroma service slice";
+      };
+    };
     services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
       useACMEHost = sp.domain;
       root = "/var/www/${cfg.subdomain}.${sp.domain}";
@@ -126,13 +137,5 @@ in
         };
       };
     };
-    systemd = {
-      services = {
-        pleroma.serviceConfig.Slice = "pleroma.slice";
-      };
-      slices.pleroma = {
-        description = "Pleroma service slice";
-      };
-    };
   };
 }