feat: enable polkit on all devices and use nihilus config in acl
parent
d9ce46b2c9
commit
7742a6a97b
3 changed files with 25 additions and 14 deletions
|
@ -4,6 +4,10 @@
|
|||
];
|
||||
|
||||
modules = {
|
||||
meta = {
|
||||
tailscale.ip = "100.64.0.6";
|
||||
};
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
tags = [
|
||||
|
@ -64,6 +68,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
security.polkit.enable = true;
|
||||
|
||||
services.prometheus.exporters.node = {
|
||||
enable = true;
|
||||
port = 9000;
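Review bot: The added `security.polkit.enable = true;` has no comment saying which service or workflow on this host needs polkit, and no accompanying rules are visible in the hunk. On what looks like a headless machine (Tailscale, node exporter) this adds a privileged authorization daemon and the setuid `pkexec` wrapper, so the reason should sit next to the option, e.g. `# polkit: required by <service>; admin identities left at the NixOS default`. The same bare enable appears as `polkit.enable = true;` inside the new `security = { … }` block of the third changed file. Since the title says every device gets it, one shared module would keep the setting and its justification in a single place, and `security.polkit.extraConfig` can narrow the allowed actions if only a few are needed.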
|
||||
|
|
|
@ -16,6 +16,7 @@ let
|
|||
};
|
||||
|
||||
shanMeta = self.nixosConfigurations.shan.config.modules.meta;
|
||||
nihilusCfg = self.nixosConfigurations.nihilus.config;
|
||||
homeAIp = "100.64.0.9";
|
||||
in
|
||||
{
|
||||
|
@ -36,7 +37,9 @@ in
|
|||
"tag:client"
|
||||
"tag:server"
|
||||
]
|
||||
[ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ]
|
||||
[
|
||||
"${nihilusCfg.modules.meta.tailscale.ip}:${toString nihilusCfg.modules.server.rsync-daemon.port}"
|
||||
]
|
||||
)
|
||||
|
||||
(mkAcl
|
||||
|
@ -67,7 +70,6 @@ in
|
|||
tags = [
|
||||
"tag:client"
|
||||
"tag:server"
|
||||
"tag:backup"
|
||||
"tag:guest"
|
||||
];
|
||||
|
||||
|
@ -77,7 +79,6 @@ in
|
|||
tags = map (name: "tag:${name}") [
|
||||
"server"
|
||||
"client"
|
||||
"backup"
|
||||
];
|
||||
in
|
||||
lib.genAttrs tags (_: users);
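Review bot: The rsync ACL destination in the `-36,7 +37,9` hunk is now the literal address `${nihilusCfg.modules.meta.tailscale.ip}`, apparently replacing the `tag:backup` destination, and nothing visible checks that the tailnet really assigns that address to nihilus. If the host is re-registered or the address goes to another node, the rule would either stop matching or expose the rsync port on whichever machine holds that IP, a drift a tag-based destination is not subject to. A comment at the `nihilusCfg` binding would record the coupling, e.g. `# ACL pins nihilus by tailnet IP; must match the address assigned by the control server`. An evaluation-time assertion that `modules.meta.tailscale.ip` is set on nihilus would catch the empty case. The `let` block and the `mkAcl` call both start outside the hunks shown.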
|
||||
|
|
|
@ -162,18 +162,22 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "dns@ccnlc.eu";
|
||||
dnsProvider = "ovh";
|
||||
dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
|
||||
environmentFile = config.age.secrets.acme.path;
|
||||
};
|
||||
security = {
|
||||
polkit.enable = true;
|
||||
|
||||
certs."ccnlc.eu" = {
|
||||
group = "nginx";
|
||||
extraDomainNames = [ "*.ccnlc.eu" ];
|
||||
acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "dns@ccnlc.eu";
|
||||
dnsProvider = "ovh";
|
||||
dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
|
||||
environmentFile = config.age.secrets.acme.path;
|
||||
};
|
||||
|
||||
certs."ccnlc.eu" = {
|
||||
group = "nginx";
|
||||
extraDomainNames = [ "*.ccnlc.eu" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
|