mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

feat: put impermanence for services next to service definitions

oddlama 2023-12-18 01:01:24 +01:00
parent 8f28273b65
commit 336f648275
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
13 changed files with 98 additions and 100 deletions


@ -34,6 +34,13 @@ in {
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/private/AdGuardHome";
mode = "0700";
}
];
networking.firewall = {
allowedTCPPorts = [53];
allowedUDPPorts = [53];
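Review bot: The AdGuardHome entry persists a path under `/var/lib/private` and sets `mode = "0700"` only on the leaf, with no `user`/`group`, so the parent directory's mode is left to the persistence module. systemd expects `/var/lib/private` to be root-owned and 0700 for DynamicUser services. If the parent ends up with a looser mode, other local users could presumably reach dynamic-user state. Confirm the mode of `/persist/var/lib/private` and `/var/lib/private` after activation, or persist the parent explicitly with `{ directory = "/var/lib/private"; mode = "0700"; }`. The same applies to the `/var/lib/private/esphome` entry further down; the enclosing attribute set starts and ends outside this hunk.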


@ -61,6 +61,15 @@ in {
# Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";
environment.persistence."/persist".directories = [
{
directory = config.services.gitea.stateDir;
user = "gitea";
group = "gitea";
mode = "0700";
}
];
services.gitea = {
enable = true;
package = pkgs.forgejo;


@ -75,6 +75,15 @@ in {
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.grafana.dataDir;
user = "grafana";
group = "grafana";
mode = "0700";
}
];
services.grafana = {
enable = true;
settings = {


@ -68,6 +68,15 @@ in {
group = "influxdb2";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/influxdb2";
user = "influxdb2";
group = "influxdb2";
mode = "0700";
}
];
services.influxdb2 = {
enable = true;
settings = {


@ -80,6 +80,15 @@ in {
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/kanidm";
user = "kanidm";
group = "kanidm";
mode = "0700";
}
];
services.kanidm = {
enableServer = true;
serverSettings = {


@ -52,6 +52,15 @@ in {
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/loki";
user = "loki";
group = "loki";
mode = "0700";
}
];
services.loki = let
lokiDir = "/var/lib/loki";
in {
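Review bot: The path `/var/lib/loki` is now written twice, once in the new persistence entry and once in the `lokiDir` binding that is scoped to `services.loki`. If one is changed without the other, Loki would write to a directory that is not persisted and its log data would be lost at reboot. Consider lifting `lokiDir` into the outer `let`, or using `directory = config.services.loki.dataDir;` the way the forgejo and grafana entries reference their modules' options. The `services.loki` block continues outside the hunk.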


@ -46,6 +46,15 @@ in {
};
};
# TODO environment.persistence."/persist".directories = [
# TODO {
# TODO directory = "/var/lib/???";
# TODO user = "???";
# TODO group = "???";
# TODO mode = "0700";
# TODO }
# TODO ];
services.paperless = {
enable = true;
address = "0.0.0.0";
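Review bot: The persistence entry for paperless is a commented-out TODO with `???` placeholders, so on a root that is wiped at boot this service's state is not kept. If this host uses impermanence like the others, the entry can be filled from the module options, e.g. `directory = config.services.paperless.dataDir;` and `user = config.services.paperless.user;` with the matching group, keeping `mode = "0700"`. If the omission is intentional, a comment saying why it is deferred would help. The `services.paperless` block continues outside the hunk.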


@ -18,6 +18,15 @@ in {
group = "vaultwarden";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/vaultwarden";
user = "vaultwarden";
group = "vaultwarden";
mode = "0700";
}
];
nodes.sentinel = {
networking.providedDomains.vaultwarden = vaultwardenDomain;


@ -1,4 +1,11 @@
{config, ...}: {
environment.persistence."/persist".directories = [
{
directory = "/var/lib/private/esphome";
mode = "0700";
}
];
services.esphome = {
enable = true;
enableUnixSocket = true;


@ -9,6 +9,15 @@
in {
meta.wireguard-proxy.sentinel.allowedTCPPorts = [80];
environment.persistence."/persist".directories = [
{
directory = config.services.home-assistant.configDir;
user = "hass";
group = "hass";
mode = "0700";
}
];
services.home-assistant = {
enable = true;
extraComponents = [