From 7742a6a97b2610ed09c96708bb74bd2f5fea3f41 Mon Sep 17 00:00:00 2001
From: nydragon
Date: Sun, 16 Mar 2025 03:04:50 +0100
Subject: [PATCH] feat: enable polkit on all devices and use nihilus config in acl
---
hosts/nihilus/default.nix | 6 ++++++
hosts/raptus/headscale/acls.nix | 7 ++++---
hosts/shan/default.nix | 26 +++++++++++++++-----------
3 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/hosts/nihilus/default.nix b/hosts/nihilus/default.nix
index 88273dd..ba21297 100644
--- a/hosts/nihilus/default.nix
+++ b/hosts/nihilus/default.nix
@@ -4,6 +4,10 @@ ]; modules = { + meta = { + tailscale.ip = "100.64.0.6"; + }; + services.tailscale = { enable = true; tags = [
@@ -64,6 +68,8 @@ }; }; + security.polkit.enable = true; + services.prometheus.exporters.node = { enable = true; port = 9000;
diff --git a/hosts/raptus/headscale/acls.nix b/hosts/raptus/headscale/acls.nix
index cca6406..ea18765 100644
--- a/hosts/raptus/headscale/acls.nix
+++ b/hosts/raptus/headscale/acls.nix
@@ -16,6 +16,7 @@ let }; shanMeta = self.nixosConfigurations.shan.config.modules.meta; + nihilusCfg = self.nixosConfigurations.nihilus.config; homeAIp = "100.64.0.9"; in {
@@ -36,7 +37,9 @@ in "tag:client" "tag:server" ] - [ "tag:backup:${toString options.modules.server.rsync-daemon.port.default}" ] + [ + "${nihilusCfg.modules.meta.tailscale.ip}:${toString nihilusCfg.modules.server.rsync-daemon.port}" + ] ) (mkAcl
@@ -67,7 +70,6 @@ in tags = [ "tag:client" "tag:server" - "tag:backup" "tag:guest" ];
@@ -77,7 +79,6 @@ in tags = map (name: "tag:${name}") [ "server" "client" - "backup" ]; in lib.genAttrs tags (_: users);
diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix
index 063b953..9ecfe7c 100644
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
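Review bot: Nothing in the visible lines ties the literal `tailscale.ip = "100.64.0.6"` in the first hosts/nihilus/default.nix hunk to the address headscale actually assigns to nihilus, yet the acls.nix hunk at -36,7 now uses it as the only destination of the rsync rule. If the node is re-registered or the address is reassigned, the rule would either stop matching nihilus or let `tag:client` and `tag:server` reach that port on whichever node then holds the address, a drift the previous tag-based destination was not exposed to. A comment on the option would make the coupling visible, for example `# must equal the address headscale assigned to nihilus; used as an ACL destination in hosts/raptus/headscale/acls.nix`. The `modules` block continues past the end of the hunk.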
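Review bot: `security.polkit.enable = true;` is added in the second hosts/nihilus/default.nix hunk and again in the hosts/shan/default.nix hunk with no comment saying what on these hosts needs it. polkit brings a privileged authorization daemon and the setuid `pkexec` helper, so on machines that look like servers (a node exporter here, ACME certificates for nginx on shan) the reason is worth recording, e.g. `# polkit: required by <service>` with the real consumer filled in. Since the subject says "all devices", a single definition in a shared module would also keep hosts not touched by this patch from being missed; whether such a module exists is not visible here.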
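Review bot: `tag:backup` is dropped from both tag lists in the acls.nix hunks at -67,7 and -77,7, but the `tags = [` list under `services.tailscale` in hosts/nihilus/default.nix is cut off by its hunk, so it is not visible whether nihilus still requests that tag. If it does, the node would ask for a tag this policy no longer assigns an owner to, so confirm the list was cleaned up in the same change. On style, in the hunk at -36,7 the interpolated destination could be bound once in the `let` block, e.g. `nihilusRsync = "${nihilusCfg.modules.meta.tailscale.ip}:${toString nihilusCfg.modules.server.rsync-daemon.port}";`, which keeps the `mkAcl` call short.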
@@ -162,18 +162,22 @@ }; }; }; - security.acme = { - acceptTerms = true; - defaults = { - email = "dns@ccnlc.eu"; - dnsProvider = "ovh"; - dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server - environmentFile = config.age.secrets.acme.path; - }; + security = { + polkit.enable = true; - certs."ccnlc.eu" = { - group = "nginx"; - extraDomainNames = [ "*.ccnlc.eu" ]; + acme = { + acceptTerms = true; + defaults = { + email = "dns@ccnlc.eu"; + dnsProvider = "ovh"; + dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server + environmentFile = config.age.secrets.acme.path; + }; + + certs."ccnlc.eu" = { + group = "nginx"; + extraDomainNames = [ "*.ccnlc.eu" ]; + }; }; };