upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

test: trying to get microVMs to work

Browse source
This commit is contained in:
Nick 2025-11-10 03:43:05 -06:00
parent 6b3a861d28
commit 7c48cded1d
4 changed files with 6 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/nixos/services/firefly-iii/default.nix
View file

@ -125,7 +125,7 @@ in
tmpfiles.rules = [
"Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
# "Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"Z /var/lib/postgresql 755 postgres postgres -"
];
};
@ -176,7 +176,7 @@ in
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "${hostSecrets}/${serviceCfg.name}";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
@ -202,7 +202,6 @@ in
(secret: {
name = "${serviceCfg.name}/${secret}";
value = {
path = hostSecrets;
owner = "root";
mode = "600";
};

6
modules/nixos/services/forgejo/default.nix
View file

@ -128,7 +128,7 @@ in
tmpfiles.rules = [
"Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
# "Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
"Z /var/lib/postgresql 0755 postgres postgres -"
];
};
@ -180,7 +180,7 @@ in
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "${hostSecrets}/${serviceCfg.name}";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
@ -208,12 +208,10 @@ in
sops.secrets = {
"${serviceCfg.name}/smtp" = {
path = hostSecrets;
owner = "root";
mode = "0600";
};
"${serviceCfg.name}/database" = {
path = hostSecrets;
owner = "root";
mode = "0600";
};

5
modules/nixos/services/vaultwarden/default.nix
View file

@ -12,7 +12,7 @@ let
dns0 = instances.web.dns.provider0;
host = serviceCfg.domains.url0;
dns0Path = "dns/${dns0}";
hostSecrets = "/opt/secrets";
hostSecrets = "/var/lib/secrets/${serviceCfg.name}";
in
{
@ -149,7 +149,7 @@ in
{
mountPoint = "/run/secrets";
proto = "virtiofs";
source = "${hostSecrets}/${serviceCfg.name}";
source = "/run/secrets/${serviceCfg.name}";
tag = "host_secrets";
}
];
@ -185,7 +185,6 @@ in
sops.secrets = {
"${serviceCfg.name}/env" = {
path = hostSecrets;
owner = "root";
mode = "0600";
};

12
systems/ceres/config/filesystem.nix
View file

@ -77,10 +77,6 @@ in
neededForBoot = true;
};
"/opt/secrets" = {
neededForBoot = true;
};
}
// (builtins.listToAttrs (
builtins.concatMap (drive: map (folder: sambaMounts drive folder) sambaFolders) sambaDrives
@ -121,12 +117,6 @@ in
mode = "u=rwx,g=rx,o=rx";
user = "root";
}
{
directory = "/opt/secrets";
mode = "u=rwx,g=rx,o=rx";
user = "root";
}
];
hideMounts = true;
users.${user0} = {
@ -146,8 +136,6 @@ in
systemd.tmpfiles.rules = [
"Z ${config.home-manager.users.${user0}.home.homeDirectory} 0755 ${user0} users -"
"d /mnt/storage 2775 root root -"
"d /opt/secrets 0755 root root -"
];
services.udisks2.enable = true;