.github/workflows/arrow.yml

@@ -1,7 +1,5 @@
 name: Arrow
 
-run-name: Arrow - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( ${{ inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
-
 env:
   TERRAFORM_DIRECTORY: hosts/arrow
   DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
@@ -26,7 +24,6 @@ on:
         options:
           - create
           - destroy
-          - nothing
 
 jobs:
   build-deploy:

modules/nixos/gaming/default.nix

@@ -3,6 +3,7 @@
   imports = [
     ./chiaki.nix
     ./dwarf-fortress.nix
+    ./leagueoflegends.nix
     ./legendary.nix
     ./lutris.nix
     ./minecraft-server.nix

modules/nixos/gaming/leagueoflegends.nix

@@ -0,0 +1,32 @@
+{ config, pkgs, lib, ... }: {
+
+  options.gaming.leagueoflegends.enable =
+    lib.mkEnableOption "League of Legends";
+
+  config =
+    lib.mkIf (config.gaming.leagueoflegends.enable && pkgs.stdenv.isLinux) {
+
+      # League of Legends anti-cheat requirement
+      boot.kernel.sysctl = { "abi.vsyscall32" = 0; };
+
+      environment.systemPackages = with pkgs; [
+
+        # Lutris requirement to install the game
+        lutris
+        amdvlk
+        wineWowPackages.stable
+        # vulkan-tools
+
+        # Required according to https://lutris.net/games/league-of-legends/
+        openssl
+        gnome.zenity
+
+        # Don't remember if this is required
+        dconf
+
+      ];
+
+      environment.sessionVariables = { QT_X11_NO_MITSHM = "1"; };
+
+    };
+}

modules/nixos/services/cloudflare.nix

@@ -98,56 +98,52 @@ in {
     services.transmission.settings.rpc-whitelist =
       builtins.concatStringsSep "," ([ "127.0.0.1" ] ++ cloudflareIpRanges);
 
-    services.cloudflare-dyndns = lib.mkIf
-      ((builtins.length config.services.cloudflare-dyndns.domains) > 0) {
-        enable = true;
-        proxied = true;
-        deleteMissing = true;
-        apiTokenFile = config.secrets.cloudflare-api.dest;
-      };
+    services.cloudflare-dyndns = {
+      enable = true;
+      proxied = true;
+      deleteMissing = true;
+      apiTokenFile = config.secrets.cloudflare-api.dest;
+    };
 
-    # Wait for secret to exist to start
-    systemd.services.cloudflare-dyndns =
-      lib.mkIf config.services.cloudflare-dyndns.enable {
-        after = [ "cloudflare-api-secret.service" ];
-        requires = [ "cloudflare-api-secret.service" ];
-      };
+    # Wait for secret to exist
+    systemd.services.cloudflare-dyndns = {
+      after = [ "cloudflare-api-secret.service" ];
+      requires = [ "cloudflare-api-secret.service" ];
+    };
 
     # Run a second copy of dyn-dns for non-proxied domains
     # Adapted from: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/cloudflare-dyndns.nix
-    systemd.services.cloudflare-dyndns-noproxy =
-      lib.mkIf ((builtins.length config.cloudflare.noProxyDomains) > 0) {
-        description = "CloudFlare Dynamic DNS Client (no proxy)";
-        after = [ "network.target" "cloudflare-api-secret.service" ];
-        requires = [ "cloudflare-api-secret.service" ];
-        wantedBy = [ "multi-user.target" ];
-        startAt = "*:0/5";
+    systemd.services.cloudflare-dyndns-noproxy = {
+      description = "CloudFlare Dynamic DNS Client (no proxy)";
+      after = [ "network.target" "cloudflare-api-secret.service" ];
+      requires = [ "cloudflare-api-secret.service" ];
+      wantedBy = [ "multi-user.target" ];
+      startAt = "*:0/5";
 
-        environment = {
-          CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains;
-        };
-
-        serviceConfig = {
-          Type = "simple";
-          DynamicUser = true;
-          StateDirectory = "cloudflare-dyndns-noproxy";
-          EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
-          ExecStart = let
-            args =
-              [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
-              ++ (if config.services.cloudflare-dyndns.ipv4 then
-                [ "-4" ]
-              else
-                [ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
-                  [ "-6" ]
-                else
-                  [ "-no-6" ])
-              ++ lib.optional config.services.cloudflare-dyndns.deleteMissing
-              "--delete-missing";
-
-          in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}";
-        };
+      environment = {
+        CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains;
       };
 
+      serviceConfig = {
+        Type = "simple";
+        DynamicUser = true;
+        StateDirectory = "cloudflare-dyndns-noproxy";
+        EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
+        ExecStart = let
+          args = [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
+            ++ (if config.services.cloudflare-dyndns.ipv4 then
+              [ "-4" ]
+            else
+              [ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
+                [ "-6" ]
+              else
+                [ "-no-6" ])
+            ++ lib.optional config.services.cloudflare-dyndns.deleteMissing
+            "--delete-missing";
+
+        in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}";
+      };
+    };
+
   };
 }

modules/nixos/services/identity.nix

@@ -4,10 +4,7 @@
   systemd.services.wait-for-identity = {
     description = "Wait until identity file exists on the machine";
     wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-    };
+    serviceConfig = { Type = "oneshot"; };
     script = ''
       for i in $(seq 1 10); do
           if [ -f ${config.identityFile} ]; then

modules/nixos/services/secrets.nix

@@ -68,8 +68,7 @@
 
         description = "Decrypt secret for ${name}";
         wantedBy = [ "multi-user.target" ];
-        bindsTo = [ "wait-for-identity.service" ];
-        after = [ "wait-for-identity.service" ];
+        requires = [ "wait-for-identity.service" ];
         serviceConfig.Type = "oneshot";
         script = ''
           echo "${attrs.prefix}$(

modules/nixos/services/transmission.nix

@@ -40,15 +40,15 @@
     };
 
     # Create reverse proxy for web UI
-    caddy.routes = let
-      # Set if the download domain is the same as the Transmission domain
-      useDownloadDomain = config.hostnames.download
-        == config.hostnames.transmission;
-    in lib.mkAfter [{
-      group = if useDownloadDomain then "download" else "transmission";
+    caddy.routes = lib.mkAfter [{
+      group =
+        if (config.hostnames.download == config.hostnames.transmission) then
+          "download"
+        else
+          "transmission";
       match = [{
         host = [ config.hostnames.transmission ];
-        path = if useDownloadDomain then [ "/transmission*" ] else null;
+        path = [ "/transmission*" ];
       }];
       handle = [{
         handler = "reverse_proxy";