feat: enable polkit on all devices and use nihilus config in acl

2025-03-16 03:04:50 +01:00 · 2025-03-16 03:04:50 +01:00 · 0172f5410b
commit 0172f5410b
parent e7b83ccec1
3 changed files with 25 additions and 14 deletions
--- a/hosts/nihilus/default.nix
+++ b/hosts/nihilus/default.nix
@ -4,6 +4,10 @@
  ];

  modules = {
+    meta = {
+      tailscale.ip = "100.64.0.6";
+    };
+
    services.tailscale = {
      enable = true;
      tags = [
@ -64,6 +68,8 @@
    };
  };

+  security.polkit.enable = true;
+
  services.prometheus.exporters.node = {
    enable = true;
    port = 9000;
--- a/hosts/raptus/headscale/acls.nix
+++ b/hosts/raptus/headscale/acls.nix
@ -16,6 +16,7 @@ let
  };

  shanMeta = self.nixosConfigurations.shan.config.modules.meta;
+  nihilusCfg = self.nixosConfigurations.nihilus.config;
  homeAIp = "100.64.0.9";
 in
 {
@ -36,7 +37,9 @@ in
            "tag:client"
            "tag:server"
          ]
-          [ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
+          [
+            "${nihilusCfg.modules.meta.tailscale.ip}:${toString nihilusCfg.modules.server.rsync-daemon.port}"
+          ]
        )

        (mkAcl
@ -67,7 +70,6 @@ in
      tags = [
        "tag:client"
        "tag:server"
-        "tag:backup"
        "tag:guest"
      ];

@ -77,7 +79,6 @@ in
          tags = map (name: "tag:${name}") [
            "server"
            "client"
-            "backup"
          ];
        in
        lib.genAttrs tags (_: users);
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
@ -162,18 +162,22 @@
      };
    };
  };
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "dns@ccnlc.eu";
-      dnsProvider = "ovh";
-      dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
-      environmentFile = config.age.secrets.acme.path;
-    };
+  security = {
+    polkit.enable = true;

-    certs."ccnlc.eu" = {
-      group = "nginx";
-      extraDomainNames = [ "*.ccnlc.eu" ];
+    acme = {
+      acceptTerms = true;
+      defaults = {
+        email = "dns@ccnlc.eu";
+        dnsProvider = "ovh";
+        dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
+        environmentFile = config.age.secrets.acme.path;
+      };
+
+      certs."ccnlc.eu" = {
+        group = "nginx";
+        extraDomainNames = [ "*.ccnlc.eu" ];
+      };
    };
  };