nixos-service.md
1 --- 2 title: 'Nixos Service' 3 category: 'automation' 4 last_verified: '2026-02-15' 5 related_files: 6 - 'src/sync-daemon.js' 7 tags: ['nixos', 'service', 'security'] 8 status: 'current' 9 --- 10 11 # NixOS Service Configuration for Sync Daemon 12 13 ## Option 1: User Service (Recommended) 14 15 Add this to your NixOS `configuration.nix` or home-manager config: 16 17 ```nix 18 { config, pkgs, ... }: 19 20 { 21 # System-level configuration (in configuration.nix) 22 systemd.user.services."333method-sync" = { 23 description = "333 Method Sync Daemon"; 24 after = [ "network.target" ]; 25 wantedBy = [ "default.target" ]; 26 27 serviceConfig = { 28 Type = "simple"; 29 WorkingDirectory = "/home/jason/SyncThing.Code/333Method"; 30 ExecStart = "${pkgs.nodejs_20}/bin/node src/sync-daemon.js"; 31 Restart = "always"; 32 RestartSec = "10s"; 33 34 # Environment file for secrets 35 EnvironmentFile = "/home/jason/SyncThing.Code/333Method/.env"; 36 37 # Security hardening (optional but recommended) 38 NoNewPrivileges = true; 39 PrivateTmp = true; 40 ProtectSystem = "strict"; 41 ProtectHome = "read-only"; 42 ReadWritePaths = [ "/home/jason/SyncThing.Code/333Method/db" ]; 43 }; 44 }; 45 } 46 ``` 47 48 ### Managing the Service 49 50 ```bash 51 # Start the service 52 systemctl --user start 333method-sync 53 54 # Enable on login 55 systemctl --user enable 333method-sync 56 57 # Check status 58 systemctl --user status 333method-sync 59 60 # View logs 61 journalctl --user -u 333method-sync -f 62 63 # Restart 64 systemctl --user restart 333method-sync 65 66 # Stop 67 systemctl --user stop 333method-sync 68 ``` 69 70 ### Enable Linger (Start on Boot, Before Login) 71 72 To start the service on boot without requiring login: 73 74 ```bash 75 sudo loginctl enable-linger jason 76 ``` 77 78 --- 79 80 ## Option 2: System Service (Alternative) 81 82 If you prefer a system-wide service (runs as a specific user): 83 84 ```nix 85 { config, pkgs, ... }: 86 87 { 88 systemd.services."333method-sync" = { 89 description = "333 Method Sync Daemon"; 90 after = [ "network.target" ]; 91 wantedBy = [ "multi-user.target" ]; 92 93 serviceConfig = { 94 Type = "simple"; 95 User = "jason"; 96 Group = "users"; 97 WorkingDirectory = "/home/jason/SyncThing.Code/333Method"; 98 ExecStart = "${pkgs.nodejs_20}/bin/node src/sync-daemon.js"; 99 Restart = "always"; 100 RestartSec = "10s"; 101 102 # Environment file for secrets 103 EnvironmentFile = "/home/jason/SyncThing.Code/333Method/.env"; 104 105 # Security hardening 106 NoNewPrivileges = true; 107 PrivateTmp = true; 108 ProtectSystem = "strict"; 109 ProtectHome = "read-only"; 110 ReadWritePaths = [ "/home/jason/SyncThing.Code/333Method/db" ]; 111 }; 112 }; 113 } 114 ``` 115 116 ### Managing the System Service 117 118 ```bash 119 # Start the service 120 sudo systemctl start 333method-sync 121 122 # Enable on boot 123 sudo systemctl enable 333method-sync 124 125 # Check status 126 sudo systemctl status 333method-sync 127 128 # View logs 129 sudo journalctl -u 333method-sync -f 130 131 # Restart 132 sudo systemctl restart 333method-sync 133 ``` 134 135 --- 136 137 ## Option 3: Home Manager Service (Most Declarative) 138 139 If you use home-manager, add to `home.nix`: 140 141 ```nix 142 { config, pkgs, ... }: 143 144 { 145 systemd.user.services."333method-sync" = { 146 Unit = { 147 Description = "333 Method Sync Daemon"; 148 After = [ "network.target" ]; 149 }; 150 151 Service = { 152 Type = "simple"; 153 WorkingDirectory = "${config.home.homeDirectory}/SyncThing/code/333Method"; 154 ExecStart = "${pkgs.nodejs_20}/bin/node src/sync-daemon.js"; 155 Restart = "always"; 156 RestartSec = "10s"; 157 EnvironmentFile = "${config.home.homeDirectory}/SyncThing/code/333Method/.env"; 158 }; 159 160 Install = { 161 WantedBy = [ "default.target" ]; 162 }; 163 }; 164 } 165 ``` 166 167 --- 168 169 ## Environment File (.env) 170 171 Ensure your `.env` file has proper permissions: 172 173 ```bash 174 chmod 600 /home/jason/SyncThing.Code/333Method/.env 175 ``` 176 177 The service will load all variables from `.env` automatically via `EnvironmentFile`. 178 179 --- 180 181 ## Applying Configuration 182 183 After adding to `configuration.nix`: 184 185 ```bash 186 # Rebuild NixOS configuration 187 sudo nixos-rebuild switch 188 189 # If using user service 190 systemctl --user daemon-reload 191 systemctl --user enable --now 333method-sync 192 193 # If using system service 194 sudo systemctl daemon-reload 195 sudo systemctl enable --now 333method-sync 196 ``` 197 198 --- 199 200 ## Troubleshooting 201 202 ### Check if service is running 203 204 ```bash 205 systemctl --user is-active 333method-sync 206 ``` 207 208 ### View recent logs 209 210 ```bash 211 journalctl --user -u 333method-sync --since "10 minutes ago" 212 ``` 213 214 ### Check for errors 215 216 ```bash 217 journalctl --user -u 333method-sync -p err 218 ``` 219 220 ### Verify environment variables are loaded 221 222 ```bash 223 systemctl --user show 333method-sync | grep Environment 224 ``` 225 226 --- 227 228 ## Recommendations 229 230 - **For desktop/laptop**: Use **Option 1** (user service) with `loginctl enable-linger` 231 - **For server**: Use **Option 2** (system service) 232 - **If using home-manager**: Use **Option 3** (most declarative) 233 234 The user service is generally preferred because: 235 236 - Easier permission management (runs as your user) 237 - No need for sudo to manage 238 - Automatically uses your user's environment 239 - More secure isolation from system services