refactor(sys): Modularize and move to `modules/system` or `pkgs`

1 files changed, 42 insertions, 0 deletions

diff --git a/modules/system/disks/fstrim.nix b/modules/system/disks/fstrim.nix
new file mode 100644
index 00000000..6daeb65e
--- /dev/null
+++ b/modules/system/disks/fstrim.nix
@@ -0,0 +1,42 @@
+{
+  pkgs,
+  lib,
+  cfg,
+}: {
+  timers.fstrim = lib.mkIf cfg.ssd {
+    wantedBy = ["timers.target"];
+    wants = ["fstrim.service"];
+    unitConfig = {
+      Description = "Discard unused blocks once a week";
+      Documentation = "man:fstrim";
+      ConditionVirtualization = "!container";
+      ConditionPathExists = "!/etc/initrd-release";
+    };
+    timerConfig = {
+      OnCalendar = "weekly";
+      AccuracySec = "1h";
+      Persistent = "true";
+      RandomizedDelaySec = "6000";
+    };
+  };
+  services.fstrim = lib.mkIf cfg.ssd {
+    wantedBy = lib.mkForce [];
+    unitConfig = {
+      Description = "Discard unused blocks on filesystems from /etc/fstab";
+      Documentation = "man:fstrim(8)";
+      ConditionVirtualization = "!container";
+    };
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.util-linux}/bin/fstrim --listed-in /etc/fstab:/proc/self/mountinfo --verbose --quiet-unsupported";
+      PrivateDevices = "no";
+      PrivateNetwork = "yes";
+      PrivateUsers = "no";
+      ProtectKernelTunables = "yes";
+      ProtectKernelModules = "yes";
+      ProtectControlGroups = "yes";
+      MemoryDenyWriteExecute = "yes";
+      SystemCallFilter = "@default @file-system @basic-io @system-service";
+    };
+  };
+}