From c498b867f95c7ee326790850241a91ca5bdf774e Mon Sep 17 00:00:00 2001
From: Gerg-L <GregLeyda@proton.me>
Date: Tue, 25 Feb 2025 17:35:43 -0500
Subject: [PATCH] smarter nix-serve

---
 .../gerg-desktop/services/nix-serve.nix       | 33 +++++++++----------
 1 file changed, 15 insertions(+), 18 deletions(-)

diff --git a/nixosConfigurations/gerg-desktop/services/nix-serve.nix b/nixosConfigurations/gerg-desktop/services/nix-serve.nix
index 39a8ef4..4b6eff1 100644
--- a/nixosConfigurations/gerg-desktop/services/nix-serve.nix
+++ b/nixosConfigurations/gerg-desktop/services/nix-serve.nix
@@ -1,4 +1,8 @@
-{ config, pkgs }:
+{
+  config,
+  pkgs,
+  lib,
+}:
 {
   sops.secrets.store_key.owner = "nix-serve";
 
@@ -48,30 +52,23 @@
     path = [
       config.nix.package
       pkgs.bzip2
-      pkgs.nix-serve-ng
     ];
 
+    serviceConfig = {
+      ExecStart = "${lib.getExe pkgs.nix-serve-ng} --socket /run/nix-serve/nix-serve.sock";
+      Restart = "always";
+      RestartSec = "5s";
+      User = "nix-serve";
+      Group = "nix-serve";
+      RuntimeDirectory = "nix-serve";
+      UMask = "0117";
+    };
+
     environment = {
       NIX_REMOTE = "daemon";
       NIX_SECRET_KEY_FILE = config.sops.secrets.store_key.path;
     };
 
-    script = ''
-      nix-serve --socket /run/nix-serve/nix-serve.sock &
-      PID=$!
-      sleep 1
-      chmod 660 /run/nix-serve/nix-serve.sock
-      wait "$PID"
-    '';
-
-    serviceConfig = {
-      Restart = "always";
-      RestartSec = "5s";
-      User = "nix-serve";
-      Group = "nix-serve";
-    };
   };
-  systemd.tmpfiles.rules = [ "d /run/nix-serve - nix-serve nix-serve - -" ];
-
   local.nginx.proxyVhosts."cache.gerg-l.com" = "http://unix:/run/nix-serve/nix-serve.sock";
 }