server-config/lib.nix

{
  inputs,
  pkgs,
  ...
}:
inputs.nixpkgs.lib.extend (
  final: prev:
  let
    lib = prev;
  in
  {
    serviceMountDeps =
      serviceName: dirs:
      { pkgs, ... }:
      {
        systemd.services."${serviceName}_mounts" = {
          wants = [ "zfs.target" ];
          before = [ "${serviceName}.service" ];

          serviceConfig = {
            Type = "oneshot";
            RemainAfterExit = true;
            ExecStart = "${lib.getExe pkgs.ensureZfsMounts} ${lib.strings.concatStringsSep " " dirs}";
          };
        };

        systemd.services.${serviceName} = {
          wants = [ "${serviceName}_mounts.service" ];
          after = [ "${serviceName}_mounts.service" ];
          requires = [ "${serviceName}_mounts.service" ];
        };
      };

    # stolen from: https://stackoverflow.com/a/42398526
    optimizeWithFlags =
      pkg: flags:
      lib.overrideDerivation pkg (
        old:
        let
          newflags = lib.foldl' (acc: x: "${acc} ${x}") "" flags;
          oldflags = if (lib.hasAttr "NIX_CFLAGS_COMPILE" old) then "${old.NIX_CFLAGS_COMPILE}" else "";
        in
        {
          NIX_CFLAGS_COMPILE = "${oldflags} ${newflags}";
          # stdenv = pkgs.clang19Stdenv;
        }
      );

    optimizePackage =
      pkg:
      final.optimizeWithFlags pkg [
        "-O3"
        "-march=znver3"
        "-mtune=znver3"
      ];

    vpnNamespaceOpenPort =
      port: service:
      { ... }:
      {
        vpnNamespaces.wg = {
          portMappings = [
            {
              from = port;
              to = port;
            }
          ];

          openVPNPorts = [
            {
              port = port;
              protocol = "both";
            }
          ];
        };
        systemd.services.${service}.vpnConfinement = {
          enable = true;
          vpnNamespace = "wg";
        };
      };

    serviceDependZpool =
      serviceName: zpool:
      { config, ... }:
      {
        config = lib.mkIf (zpool != "") {
          systemd.services.${serviceName} = {
            wants = [ "zfs-import-${zpool}.service" ];
            after = [ "zfs-import-${zpool}.service" ];
            requires = [ "zfs-import-${zpool}.service" ];
          };

          # assert that the pool is even enabled
          assertions = [
            {
              assertion = builtins.elem zpool config.boot.zfs.extraPools;
              message = "${zpool} is not enabled in `boot.zfs.extraPools`";
            }
          ];
        };
      };
  }
)