test: trying to get microVMs to work

2025-12-06 21:17:14 -06:00 · 2025-11-10 02:14:52 -06:00 · 2025-11-10 02:14:52 -06:00 · a1db19bcd7
commit a1db19bcd7
parent bc73d3bc98
5 changed files with 43 additions and 10 deletions
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -49,8 +49,8 @@ in
          caddy
          # comfyui
          # filesorter
-          firefly-iii
+          # firefly-iii
-          forgejo
+          # forgejo
          # glance
          jellyfin
          # logrotate
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@ -70,11 +70,12 @@ in
          };
        };
-        # tmpfiles.rules = [
+        tmpfiles.rules = [
-        #   "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-        #   "Z ${serviceCfg.varPaths.path1} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          "Z ${serviceCfg.varPaths.path2} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-        #   "Z ${serviceCfg.varPaths.path2} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          "d ${serviceCfg.varPaths.path1} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-        # ];
+          "Z ${serviceCfg.varPaths.path2} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
        ];
      };
      systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ];
--- a/modules/nixos/services/vaultwarden/default.nix
+++ b/modules/nixos/services/vaultwarden/default.nix
@ -101,7 +101,7 @@ in
        tmpfiles.rules = [
          "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-          "Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          # "Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
        ];
      };
--- a/systems/ceres/config/filesystem.nix
+++ b/systems/ceres/config/filesystem.nix
@ -76,6 +76,11 @@ in
    "/etc/ssh" = {
      neededForBoot = true;
    };
    "/opt/secrets" = {
      neededForBoot = true;
    };
  }
  // (builtins.listToAttrs (
    builtins.concatMap (drive: map (folder: sambaMounts drive folder) sambaFolders) sambaDrives
@ -111,12 +116,17 @@ in
    directories = [
      "/var/cache"
      "/var/lib"
      "/opt/secrets"
      {
        directory = "/etc/ssh";
        mode = "u=rwx,g=rx,o=rx";
        user = "root";
      }
      {
        directory = "/opt/secrets";
        mode = "u=rwx,g=rx,o=rx";
        user = "root";
      }
    ];
    hideMounts = true;
    users.${user0} = {
@ -142,3 +152,25 @@ in
  services.udisks2.enable = true;
 }
 # sudo mount /dev/disk/by-label/root /mnt
 # sudo btrfs subvolume create /mnt/persistent
 # sudo btrfs subvolume create /mnt/nix
 # sudo umount /mnt
 # sudo mount -o subvol=@ /dev/disk/by-label/root /mnt
 # sudo mount -o subvol=@nix /dev/disk/by-label/root /mnt/nix
 # sudo mount -o subvol=@persistent /dev/disk/by-label/root /mnt/persistent
 # sudo mount /dev/disk/by-label/BOOT /mnt/boot
 # sudo mount /dev/disk/by-label/storage /mnt/mnt/storage
 # sudo nixos-install --root /mnt
 # sudo nixos-enter --root /mnt
 # nixos-rebuild boot
 # exit
 # sudo reboot
--- a/systems/ceres/config/sops.nix
+++ b/systems/ceres/config/sops.nix
@ -2,7 +2,7 @@
  sops = {
    secrets = {
      "network/server" = {
-        path = "/var/lib/secrets/server";
+        path = "/opt/secrets/server";
        owner = "root";
        mode = "600";
      };