servo: gate costly services behind sane.maxBuildCost option

2025-08-21 02:42:58 +00:00
parent 91578c0b78
commit e700ff392f
4 changed files with 502 additions and 494 deletions
--- a/hosts/by-name/servo/services/jellyfin/default.nix
+++ b/hosts/by-name/servo/services/jellyfin/default.nix
@@ -14,10 +14,11 @@
 #
 # N.B.: default install DOES NOT SUPPORT DLNA out of the box.
 #       one must install it as a "plugin", which can be done through the UI.
-{ ... }:
+{ config, lib, ... }:

 # lib.mkIf false  #< XXX(2024-11-17): disabled because it hasn't been working for months; web UI hangs on load, TVs see no files
 {
+  config = lib.mkIf (config.sane.maxBuildCost >= 2) {
    # https://jellyfin.org/docs/general/networking/index.html
    sane.ports.ports."1900" = {
      protocol = [ "udp" ];
@@ -168,4 +169,5 @@
    };

    sane.dns.zones."uninsane.org".inet.CNAME."jelly" = "native";
+  };
 }
--- a/hosts/by-name/servo/services/kiwix-serve.nix
+++ b/hosts/by-name/servo/services/kiwix-serve.nix
@@ -1,5 +1,6 @@
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
 {
+  config = lib.mkIf (config.sane.maxBuildCost >= 3) {
    sane.services.kiwix-serve = {
      enable = true;
      port = 8013;
@@ -37,4 +38,5 @@
    };

    sane.dns.zones."uninsane.org".inet.CNAME."w" = "native";
+  };
 }
--- a/hosts/by-name/servo/services/lemmy.nix
+++ b/hosts/by-name/servo/services/lemmy.nix
@@ -3,7 +3,7 @@
 # - <repo:LemmyNet/lemmy:docker/nginx.conf>
 # - <repo:LemmyNet/lemmy-ansible:templates/nginx.conf>

-{ lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  uiPort = 1234;  # default ui port is 1234
  backendPort = 8536; # default backend port is 8536
@@ -24,6 +24,7 @@ let
    media.video.max_frame_count = 30 * 60 * 60;
  };
 in {
+  config = lib.mkIf (config.sane.maxBuildCost >= 2) {
    services.lemmy = {
      enable = true;
      settings.hostname = "lemmy.uninsane.org";
@@ -174,4 +175,5 @@ in {
      serviceConfig.SystemCallArchitectures = "native";
      serviceConfig.SystemCallFilter = [ "@system-service" ];
    };
+  };
 }
--- a/hosts/by-name/servo/services/pleroma.nix
+++ b/hosts/by-name/servo/services/pleroma.nix
@@ -14,6 +14,7 @@ let
  # logLevel = "debug";
 in
 {
+  config = lib.mkIf (config.sane.maxBuildCost >= 2) {
    sane.persist.sys.byStore.private = [
      # contains media i've uploaded to the server
      { user = "pleroma"; group = "pleroma"; path = "/var/lib/pleroma"; method = "bind"; }
@@ -217,4 +218,5 @@ in
    sops.secrets."pleroma_secrets" = {
      owner = config.users.users.pleroma.name;
    };
+  };
 }