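# Extends the nixpkgs `lib` with helpers that return NixOS modules (or, for the
# optimize* helpers, overridden packages). The extra names are reached through
# `final`; `lib` below is bound to the un-extended library (`prev`).
{ inputs, pkgs, ... }:
inputs.nixpkgs.lib.extend (
  final: prev:
  let
    lib = prev;
  in
  {
    # serviceMountDeps serviceName dirs -> NixOS module
    #
    # Declares a oneshot unit "<serviceName>_mounts" that runs
    # `pkgs.ensureZfsMounts` with `dirs` as arguments, and makes
    # "<serviceName>" want, require and start after it. Because of
    # `requires` + `after`, the service is not started when the check unit
    # fails.
    #
    # NOTE(review): presumably ensureZfsMounts exits non-zero when one of
    # `dirs` is not a mounted dataset, which is what would keep the service
    # from writing into an unmounted directory; confirm against that package.
    serviceMountDeps =
      serviceName: dirs:
      { pkgs, ... }:
      {
        systemd.services."${serviceName}_mounts" = {
          # NOTE(review): `wants` pulls zfs.target in but does not order this
          # unit after it; if the check must only run once ZFS mounting has
          # finished, an `after = [ "zfs.target" ]` may be needed. Confirm.
          wants = [ "zfs.target" ];
          before = [ "${serviceName}.service" ];

          serviceConfig = {
            Type = "oneshot";
            # Stay "active" after the command exits so the dependent service
            # continues to see its requirement as satisfied.
            RemainAfterExit = true;
            # `dirs` is joined with single spaces and is NOT quoted or
            # escaped. systemd splits ExecStart on whitespace and expands
            # `%` specifiers and `$VAR` references, so callers must pass
            # plain paths without such characters.
            ExecStart = "${lib.getExe pkgs.ensureZfsMounts} ${lib.strings.concatStringsSep " " dirs}";
          };
        };

        systemd.services.${serviceName} = {
          wants = [ "${serviceName}_mounts.service" ];
          after = [ "${serviceName}_mounts.service" ];
          requires = [ "${serviceName}_mounts.service" ];
        };
      };

    # optimizeWithFlags pkg flags -> derivation
    #
    # Rebuilds `pkg` with every entry of `flags` appended to its existing
    # NIX_CFLAGS_COMPILE.
    #
    # stolen from: https://stackoverflow.com/a/42398526
    optimizeWithFlags =
      pkg: flags:
      lib.overrideDerivation pkg (
        old:
        let
          # Each flag is prefixed with one space, e.g. " -O3 -march=znver3".
          newflags = lib.concatMapStrings (flag: " ${flag}") flags;
          # `toString` also accepts a list (joined with spaces), an integer
          # or null; interpolating such a value directly aborts evaluation.
          # A missing attribute is treated as "no previous flags".
          oldflags = toString (old.NIX_CFLAGS_COMPILE or "");
        in
        {
          NIX_CFLAGS_COMPILE = "${oldflags} ${newflags}";
          # stdenv = pkgs.clang19Stdenv;
        }
      );

    # optimizePackage pkg -> derivation
    #
    # `optimizeWithFlags` with a fixed -O3 / znver3 flag set. Code compiled
    # with -march=znver3 may use instructions that other CPUs lack, so the
    # result is only meant for hosts of that microarchitecture.
    optimizePackage =
      pkg:
      final.optimizeWithFlags pkg [
        "-O3"
        "-march=znver3"
        "-mtune=znver3"
      ];

    # vpnNamespaceOpenPort port service -> NixOS module
    #
    # Enables `vpnConfinement` for `service` in the namespace named "wg" and
    # registers `port` under both `portMappings` (same number on both sides)
    # and `openVPNPorts`.
    #
    # NOTE(review): these options come from a module that is not visible
    # here. `protocol = "both"` presumably means TCP and UDP, i.e. every
    # caller exposes the port on both protocols even if the service only
    # uses one; confirm, and consider whether callers need a narrower
    # setting.
    vpnNamespaceOpenPort =
      port: service:
      { ... }:
      {
        vpnNamespaces.wg = {
          portMappings = [
            {
              from = port;
              to = port;
            }
          ];

          openVPNPorts = [
            {
              port = port;
              protocol = "both";
            }
          ];
        };

        systemd.services.${service}.vpnConfinement = {
          enable = true;
          vpnNamespace = "wg";
        };
      };

    # serviceDependZpool serviceName zpool -> NixOS module
    #
    # Makes `serviceName` want, require and start after
    # "zfs-import-<zpool>.service". An empty `zpool` string turns the whole
    # module into a no-op, including the assertion.
    serviceDependZpool =
      serviceName: zpool:
      { config, ... }:
      {
        config = lib.mkIf (zpool != "") {
          systemd.services.${serviceName} = {
            wants = [ "zfs-import-${zpool}.service" ];
            after = [ "zfs-import-${zpool}.service" ];
            requires = [ "zfs-import-${zpool}.service" ];
          };

          # assert that the pool is even enabled: fail evaluation instead of
          # depending on an import unit for a pool that is not listed in
          # `boot.zfs.extraPools`.
          assertions = [
            {
              assertion = builtins.elem zpool config.boot.zfs.extraPools;
              message = "${zpool} is not enabled in `boot.zfs.extraPools`";
            }
          ];
        };
      };
  }
)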