Simmer/nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Change secret owner

Browse Source
This commit is contained in:
Ethan Simmons
2024-09-15 19:34:24 -05:00
parent cea298006f
commit 7bf17aabc1
2 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
flake.nix
View File

@@ -174,7 +174,8 @@
networking = {
firewall = {
allowedTCPPorts = [ 80 443 4533 6722 7878 8080 8081 8083 8089 8096 8181 8787 8902 8989 9000 9696 11112 24454 25565 25600 ];
allowedTCPPorts = [ 80 443 3843 4533 6722 7474 7878 8080 8081 8083 8089 8096 8120 8181 8443 8787 8889 8902 8989 8998 9000 9091 9696 11112 24454 25565 25600 ];
allowedUDPPorts = [ 3478 10001 ];
};
};
};

41
hosts/diphda/system.nix
View File

@@ -21,8 +21,12 @@
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets."mc-arcadia/repo_password" = {};
secrets."tandoor/secret_key" = {};
secrets."tandoor/db_password" = {};
secrets."tandoor/secret_key" = {
owner = "tandoor";
};
secrets."tandoor/db_password" = {
owner = "tandoor";
};
secrets."porkbun.keytab" = {
format = "binary";
sopsFile = ../../secrets/diphda/porkbun.keytab;
@@ -77,6 +81,27 @@
};
};
systemd.services."qbit-update-port" = {
enable = true;
path = [ pkgs.bash pkgs.docker pkgs.curl pkgs.netcat ];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
ExecStart = ''
/home/eesim/configs/qbittorrent/update-port.sh
'';
};
};
systemd.timers."qbit-update-port" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/5";
Persistent = true;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "eesimmons9105@gmail.com";
@@ -122,6 +147,18 @@
];
};
users.users.tandoor = {
uid = 701;
group = "services";
extraGroups = [ "keys" ];
};
users.groups = {
services = {
gid = 1001;
};
};
system.stateVersion = "23.11";
}