Compare commits


No commits in common. "a3b4781bd09a168171d8fec121c46a8e93c39d2e" and "91f37f90230a9a958d31781652944ce2d7e9414d" have entirely different histories.

6 changed files with 9 additions and 27 deletions


@ -1,7 +1,8 @@
{ {
lib,
config, config,
inputs,
pkgs, pkgs,
inputs,
... ...
}: }:
@ -82,12 +83,12 @@ in
age.secrets = { age.secrets = {
"nextcloud-secrets.json" = { "nextcloud-secrets.json" = {
file = "${inputs.self}/secrets/nextcloud-secrets.json.age"; file = ../../../secrets/nextcloud-secrets.json.age;
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
}; };
nextcloud-adminpass = { nextcloud-adminpass = {
file = "${inputs.self}/secrets/nextcloud-adminpass.age"; file = ../../../secrets/nextcloud-adminpass.age;
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
}; };
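Review bot: The two new `file = ../../../secrets/...` literals tie the secret lookup to this module's directory depth, so moving the module either breaks evaluation or resolves a different file; both cloudflare sections below use the same pattern. A single binding in the existing `let` block, e.g. `secretsDir = ../../../secrets;` with `file = secretsDir + "/nextcloud-adminpass.age";`, would keep the three modules in step. Path literals are copied into the world-readable Nix store, so a comment such as `# only age-encrypted files may be referenced from secretsDir` is worth adding next to that binding. The `age.secrets` set continues past the end of the hunk, and whether `inputs` is still used in this file is not visible here.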


@ -51,7 +51,7 @@ in
]; ];
age.secrets.cloudflare = { age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age"; file = ../../../secrets/cloudflare.age;
owner = "nginx"; owner = "nginx";
group = "nginx"; group = "nginx";
}; };
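Review bot: `age.secrets.cloudflare` is decrypted with `owner = "nginx"`, so the web server's service account can read the Cloudflare credential; the second cloudflare section further down has the same setting. If this is the DNS-01 token for ACME (the later section builds `acmeCerts`, so presumably it is), nginx only needs the issued certificates, which `group = "nginx"` on the certs already covers, and not the API token. Consider dropping `owner`/`group` so the secret stays at agenix's default root ownership, provided the consumer reads it through systemd rather than as the nginx user, which is not visible here. A comment such as `# consumed by <service>; token scoped to DNS edit on <zones>` would record the intent.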


@ -67,8 +67,5 @@ in
}; };
# Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories
systemd.services.forgejo.serviceConfig = { systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false;
PrivateMounts = lib.mkForce false;
ProtectSystem = lib.mkForce false;
};
} }
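Review bot: `PrivateMounts = lib.mkForce false` is still a forced relaxation of the unit's sandbox, and the comment above it does not say which bind-mounted directory or which credential requires it. Suggest extending the comment along the lines of `# state dir is a bind mount at <path>; LoadCredential for <credential> fails with PrivateMounts=true`, so the override can be removed once the cause is gone. With the `ProtectSystem` override dropped, the service's writable paths are presumably restricted again by the module defaults. It is worth confirming forgejo can still write its state and reviewing the result with `systemd-analyze security forgejo`.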


@ -8,8 +8,10 @@
let let
services = inputs.self.services; services = inputs.self.services;
# Get all unique domains from shared services on trantor (host = "trantor")
localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services));
# Generate ACME cert configs for all local domains
acmeCerts = lib.genAttrs localDomains (domain: { acmeCerts = lib.genAttrs localDomains (domain: {
group = "nginx"; group = "nginx";
}); });
@ -49,7 +51,7 @@ in
]; ];
age.secrets.cloudflare = { age.secrets.cloudflare = {
file = "${inputs.self}/secrets/cloudflare.age"; file = ../../../secrets/cloudflare.age;
owner = "nginx"; owner = "nginx";
group = "nginx"; group = "nginx";
}; };


@ -27,7 +27,6 @@
# other aspects # other aspects
fwupd fwupd
podman
]); ]);
}; };
} }


@ -1,17 +0,0 @@
{ ... }:
{
flake.modules.nixos.lxc =
{
config,
lib,
pkgs,
...
}:
{
virtualisation.lxc = {
enable = true;
unprivilegedContainers = true;
};
};
}