
3 commits

Author SHA1 Message Date
a3b4781bd0 fix forgejo on trantor 2026-02-16 00:14:43 -03:00
fe460c9151 fix secrets locations 2026-02-15 23:01:25 -03:00
10f823a3a6 lxc support for alexandria 2026-02-15 22:21:33 -03:00
6 changed files with 27 additions and 9 deletions


@ -1,8 +1,7 @@
{
lib,
config,
pkgs,
inputs,
pkgs,
...
}:
@ -83,12 +82,12 @@ in
age.secrets = {
"nextcloud-secrets.json" = {
file = ../../../secrets/nextcloud-secrets.json.age;
file = "${inputs.self}/secrets/nextcloud-secrets.json.age";
owner = "nextcloud";
group = "nextcloud";
};
nextcloud-adminpass = {
file = ../../../secrets/nextcloud-adminpass.age;
file = "${inputs.self}/secrets/nextcloud-adminpass.age";
owner = "nextcloud";
group = "nextcloud";
};
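Review bot: The new `file = "${inputs.self}/secrets/nextcloud-secrets.json.age";` values are plain strings rather than path literals, so as far as I can tell Nix no longer has to resolve the individual file while building the system. A misspelled or untracked secret name would then likely surface only when agenix tries to decrypt it at activation, leaving the service without its credentials. An assertion such as `assertion = builtins.pathExists "${inputs.self}/secrets/nextcloud-adminpass.age";` per secret, or one shared `secretsDir` helper that performs the check, would bring the failure back to build time. The same applies to the two later hunks that set `age.secrets.cloudflare`. The enclosing attribute set continues outside this hunk.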


@ -51,7 +51,7 @@ in
];
age.secrets.cloudflare = {
file = ../../../secrets/cloudflare.age;
file = "${inputs.self}/secrets/cloudflare.age";
owner = "nginx";
group = "nginx";
};


@ -67,5 +67,8 @@ in
};
# Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
systemd.services.forgejo.serviceConfig = {
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
}
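Review bot: `ProtectSystem = lib.mkForce false;` drops the unit's read-only protection of the OS directories entirely, and the comment above it still explains only the `PrivateMounts` override. If forgejo only needs write access to one bind-mounted directory, keeping the module's `ProtectSystem` value and granting that path with `ReadWritePaths = [ "<forgejo data dir>" ];` would preserve the sandboxing; the placeholder stands for the real path, which is not visible in this hunk. If the override has to stay, add a comment such as `# ProtectSystem disabled because <reason>; revisit once <condition>` so the weakening stays traceable. The enclosing module starts outside the hunk.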


@ -8,10 +8,8 @@
let
services = inputs.self.services;
# Get all unique domains from shared services on trantor (host = "trantor")
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services));
# Generate ACME cert configs for all local domains
acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx";
});
@ -51,7 +49,7 @@ in
];
age.secrets.cloudflare = {
file = ../../../secrets/cloudflare.age;
file = "${inputs.self}/secrets/cloudflare.age";
owner = "nginx";
group = "nginx";
};


@ -27,6 +27,7 @@
# other aspects
fwupd
podman
]);
};
}

17
aspects/lxc.nix Normal file

@ -0,0 +1,17 @@
{ ... }:
{
flake.modules.nixos.lxc =
{
config,
lib,
pkgs,
...
}:
{
virtualisation.lxc = {
enable = true;
unprivilegedContainers = true;
};
};
}
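Review bot: `unprivilegedContainers = true;` is enabled without recording which account is expected to launch containers. Nothing in this module sets the subordinate uid/gid ranges or the `virtualisation.lxc.usernetConfig` allowance that unprivileged LXC normally relies on; they may be set elsewhere in the repository, which this page does not show. A short comment like `# unprivileged containers for <user>; subuid/subgid and lxc-usernet are configured in <module>` would make the intended privilege boundary reviewable. Separately, the inner module binds `config`, `lib` and `pkgs` but uses none of them in the visible lines, so the argument set could be reduced to `{ ... }:`.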