upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-07 21:42:16 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

test: trying to get microVMs to work

Browse source
This commit is contained in:
Nick 2025-11-10 01:21:38 -06:00
parent 5fc49f405a
commit 72bb3fbe34
11 changed files with 350 additions and 167 deletions
Download patch file Download diff file Expand all files Collapse all files

47
modules/nixos/services/vaultwarden/default.nix
View file

@ -77,24 +77,32 @@ in
serviceCfg.ports.port0
];
systemd.network = {
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s5";
addresses = [
{ Address = "${serviceCfg.interface.ip}/24"; }
];
routes = [
{
Destination = "${hostCfg.localhost.address1}/0";
Gateway = serviceCfg.interface.gate;
}
];
dns = [
"1.1.1.1"
"8.8.8.8"
];
systemd = {
network = {
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s5";
addresses = [
{ Address = "${serviceCfg.interface.ip}/24"; }
];
routes = [
{
Destination = "${hostCfg.localhost.address1}/0";
Gateway = serviceCfg.interface.gate;
}
];
dns = [
"1.1.1.1"
"8.8.8.8"
];
};
};
tmpfiles.rules = [
"Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
];
};
systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ];
@ -140,7 +148,7 @@ in
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "/run/secrets/${serviceCfg.name}";
source = "/var/lib/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
@ -171,11 +179,12 @@ in
users.users.caddy.extraGroups = [ "acme" ];
systemd.tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0777 root root -"
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
];
sops.secrets = {
"${serviceCfg.name}/env" = {
path = "/var/lib/secrets";
owner = "root";
mode = "0600";
};