nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

feat: enable polkit on all devices and use nihilus config in acl

Browse source
This commit is contained in:
nydragon 2025-03-16 03:04:50 +01:00
parent e7b83ccec1
commit 0172f5410b
Signed by: nydragon
SSH key fingerprint: SHA256:WcjW5NJPQ8Dx4uQDmoIlVPLWE27Od3fxoe0IUvuoPHE
3 changed files with 25 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hosts/nihilus/default.nix
View file

@ -4,6 +4,10 @@
]; ];
modules = { modules = {
meta = {
tailscale.ip = "100.64.0.6";
};
services.tailscale = { services.tailscale = {
enable = true; enable = true;
tags = [ tags = [
@ -64,6 +68,8 @@
}; };
}; };
security.polkit.enable = true;
services.prometheus.exporters.node = { services.prometheus.exporters.node = {
enable = true; enable = true;
port = 9000; port = 9000;

7
hosts/raptus/headscale/acls.nix
View file

@ -16,6 +16,7 @@ let
}; };
shanMeta = self.nixosConfigurations.shan.config.modules.meta; shanMeta = self.nixosConfigurations.shan.config.modules.meta;
nihilusCfg = self.nixosConfigurations.nihilus.config;
homeAIp = "100.64.0.9"; homeAIp = "100.64.0.9";
in in
{ {
@ -36,7 +37,9 @@ in
"tag:client" "tag:client"
"tag:server" "tag:server"
] ]
[ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ] [
"${nihilusCfg.modules.meta.tailscale.ip}:${toString nihilusCfg.modules.server.rsync-daemon.port}"
]
) )
(mkAcl (mkAcl
@ -67,7 +70,6 @@ in
tags = [ tags = [
"tag:client" "tag:client"
"tag:server" "tag:server"
"tag:backup"
"tag:guest" "tag:guest"
]; ];
@ -77,7 +79,6 @@ in
tags = map (name: "tag:${name}") [ tags = map (name: "tag:${name}") [
"server" "server"
"client" "client"
"backup"
]; ];
in in
lib.genAttrs tags (_: users); lib.genAttrs tags (_: users);

26
hosts/shan/default.nix
View file

@ -162,18 +162,22 @@
}; };
}; };
}; };
security.acme = { security = {
acceptTerms = true; polkit.enable = true;
defaults = {
email = "dns@ccnlc.eu";
dnsProvider = "ovh";
dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
environmentFile = config.age.secrets.acme.path;
};
certs."ccnlc.eu" = { acme = {
group = "nginx"; acceptTerms = true;
extraDomainNames = [ "*.ccnlc.eu" ]; defaults = {
email = "dns@ccnlc.eu";
dnsProvider = "ovh";
dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
environmentFile = config.age.secrets.acme.path;
};
certs."ccnlc.eu" = {
group = "nginx";
extraDomainNames = [ "*.ccnlc.eu" ];
};
}; };
}; };