makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

treewide: update secrets / requiresmountfor

Browse source
This commit is contained in:
makefu 2024-01-15 22:59:26 +01:00
parent 3620764f77
commit 755fd388ad
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
6 changed files with 14 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
2configs/nginx/euer.wiki.nix
View file

@ -23,7 +23,7 @@ in {
sops.secrets."tw-pass.ini" = {}; sops.secrets."tw-pass.ini" = {};
state = [ base-dir ]; state = [ base-dir ];
# hotfix for broken wiki after reboot # hotfix for broken wiki after reboot
systemd.services."phpfpm-euer-wiki".serviceConfig.RequiresMountFor = [ "/media/cloud" ]; systemd.services."phpfpm-euer-wiki".unitConfig.RequiresMountsFor = [ "/media/cloud" ];
services.phpfpm = { services.phpfpm = {
pools.euer-wiki = { pools.euer-wiki = {
inherit user group; inherit user group;

4
2configs/secrets/wbob-users.nix
View file

@ -2,7 +2,7 @@
{ {
sops.secrets."wbob-passwd-kiosk".neededForUsers = true; sops.secrets."wbob-passwd-kiosk".neededForUsers = true;
users.users.kiosk.passwordFile = config.sops.secrets."wbob-passwd-kiosk".path; users.users.kiosk.hashedPasswordFile = config.sops.secrets."wbob-passwd-kiosk".path;
# override the password for root@wbob to the kiosk password # override the password for root@wbob to the kiosk password
users.users.root.passwordFile = lib.mkForce config.sops.secrets."wbob-passwd-kiosk".path; users.users.root.hashedPasswordFile = lib.mkForce config.sops.secrets."wbob-passwd-kiosk".path;
} }

2
2configs/share/omo-client.nix
View file

@ -7,7 +7,7 @@ let
"x-systemd.device-timeout=5s" "x-systemd.device-timeout=5s"
"x-systemd.mount-timeout=5s" "x-systemd.mount-timeout=5s"
]; ];
host = "omo.lan"; host = "192.168.111.11";
path = "/media/omo/photos"; path = "/media/omo/photos";
in { in {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

8
2configs/share/omo.nix
View file

@ -9,7 +9,7 @@ let
in { in {
# samba share /media/crypt1/share # samba share /media/crypt1/share
systemd.services.samba-smbd.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; systemd.services.samba-smbd.unitConfig.RequiresMountsFor = lib.mkForce [ "/var/lib/samba" "/media/cryptX" ];
users.users.smbguest = { users.users.smbguest = {
name = "smbguest"; name = "smbguest";
uid = config.ids.uids.smbguest; uid = config.ids.uids.smbguest;
@ -27,6 +27,12 @@ in {
browseable = "yes"; browseable = "yes";
"guest ok" = "yes"; "guest ok" = "yes";
}; };
music = {
path = "/media/cryptX/music";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
emu = { emu = {
path = "/media/crypt1/emu"; path = "/media/crypt1/emu";
"read only" = "yes"; "read only" = "yes";

3
2configs/sync/default.nix
View file

@ -2,8 +2,9 @@
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)); used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.settings.folders));
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers; used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
in { in {
services.syncthing = { services.syncthing = {
enable = true; enable = true;

1
2configs/tools/dev.nix
View file

@ -18,6 +18,7 @@
sops sops
kpaste kpaste
cyberlocker-tools cyberlocker-tools
inputs.clan-core.packages.x86_64-linux.clan-cli
# esphome # broken # esphome # broken
# nix related # nix related