forked from mirrors_public/oddlama_nix-config
chore: simplify some impermanence, switch agenix-rekey cacheDir to /var/tmp
This commit is contained in:
oddlama
parent
b3f08ef7c3
commit
20207213c7
4 changed files with 13 additions and 41 deletions
|
|
@ -90,32 +90,16 @@ in {
|
|||
hideMounts = true;
|
||||
directories =
|
||||
[
|
||||
{
|
||||
directory = "/var/lib/systemd";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0755";
|
||||
}
|
||||
{
|
||||
directory = "/var/log";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0755";
|
||||
}
|
||||
#{ directory = "/tmp"; user = "root"; group = "root"; mode = "1777"; }
|
||||
#{ directory = "/var/tmp"; user = "root"; group = "root"; mode = "1777"; }
|
||||
{
|
||||
directory = "/var/spool";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0755";
|
||||
}
|
||||
"/var/tmp/agenix-rekey"
|
||||
"/var/lib/systemd"
|
||||
"/var/log"
|
||||
#{ directory = "/tmp"; mode = "1777"; }
|
||||
#{ directory = "/var/tmp"; mode = "1777"; }
|
||||
"/var/spool"
|
||||
]
|
||||
++ optionals config.networking.wireless.iwd.enable [
|
||||
{
|
||||
directory = "/var/lib/iwd";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0700";
|
||||
}
|
||||
];
|
||||
|
|
@ -132,12 +116,7 @@ in {
|
|||
];
|
||||
directories =
|
||||
[
|
||||
{
|
||||
directory = "/var/lib/nixos";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0755";
|
||||
}
|
||||
"/var/lib/nixos"
|
||||
]
|
||||
++ optionals config.security.acme.acceptTerms [
|
||||
{
|
||||
|
|
@ -150,8 +129,6 @@ in {
|
|||
++ optionals config.services.printing.enable [
|
||||
{
|
||||
directory = "/var/lib/cups";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0700";
|
||||
}
|
||||
]
|
||||
|
|
@ -238,16 +215,12 @@ in {
|
|||
++ optionals config.services.adguardhome.enable [
|
||||
{
|
||||
directory = "/var/lib/private/AdGuardHome";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0700";
|
||||
}
|
||||
]
|
||||
++ optionals config.services.esphome.enable [
|
||||
{
|
||||
directory = "/var/lib/private/esphome";
|
||||
user = "root";
|
||||
group = "root";
|
||||
mode = "0700";
|
||||
}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@
|
|||
forceRekeyOnSystem = builtins.extraBuiltins.unsafeCurrentSystem;
|
||||
hostPubkey = config.node.secretsDir + "/host.pub";
|
||||
generatedSecretsDir = inputs.self.outPath + "/secrets/generated/${config.node.name}";
|
||||
cacheDir = "\"\${XDG_CACHE_HOME:=$HOME/.cache}/agenix-rekey\"";
|
||||
cacheDir = "/var/tmp/agenix-rekey/\"$UID\"";
|
||||
};
|
||||
|
||||
age.generators.basic-auth = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue