foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 16:57:55 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
1,632 Commits 2 Branches 1 Tag 10 MiB
0b253e0553
Commit Graph

50 Commits

Author SHA1 Message Date
Gabriel Arazas
5657a5e023
services/vouch-proxy: use system user for service 
This enables integration with secrets such as sops-nix instead of the
previous service config of being a dynamic user.
 2023-10-14 11:06:23 +08:00
Gabriel Arazas
d43708983a
services/wezterm-mux-server: update service hardening options 
It should be less strict overall with the ProtectHome= settings.
 2023-10-14 11:05:46 +08:00
Gabriel Arazas
6012556a3d
services/wezterm-mux-server: revert to system user for service 
I don't know how to completely make it isolated AND working.
 2023-10-14 11:05:17 +08:00
Gabriel Arazas
7daea6c427
services/vouch-proxy: update service config 2023-10-13 14:24:44 +08:00
Gabriel Arazas
3ee04bb812
chore: reformat codebase 2023-10-09 20:48:01 +08:00
Gabriel Arazas
7d55e45f70
services/vouch-proxy: add some more hardening options 2023-10-09 20:46:06 +08:00
Gabriel Arazas
2dbb3ed68c
services/vouch-proxy: restructure for multiple instances 
This resolves some cases where the admin does not have all of their
users within the protected domain and some in others.
 2023-10-09 20:43:13 +08:00
Gabriel Arazas
5152bae032
services/vouch-proxy: add more systemd directives 2023-10-09 22:31:27 +08:00
Gabriel Arazas
b4b64fa50b
services/vouch-proxy: improve conditional settings file option 2023-10-07 20:42:52 +08:00
Gabriel Arazas
069723d38a
services/wezterm-mux-server: hardcode user and group 
With DynamicUser directive, it should be easy to make this usable.
 2023-10-06 13:48:12 +08:00
Gabriel Arazas
86d8878fab
services/vouch-proxy: init 2023-10-07 20:41:14 +08:00
Gabriel Arazas
12bb71be20
services/wezterm-mux-server: improve code 2023-10-05 10:23:09 +08:00
Gabriel Arazas
c410ece05a
treewide: remove options attribute for modules 2023-10-02 14:26:11 +08:00
Gabriel Arazas
ac39b4cc58
services/wezterm-mux-server: add user and group option 
The errors are most likely from wezterm-mux-server trying to start a
shell. This could be configured but it is better to treat this service
similarly to SSH servers.
 2023-07-28 08:35:07 +08:00
Gabriel Arazas
f34d793bb6
services/wezterm-mux-server: update hardening settings 2023-07-27 22:21:30 +08:00
Gabriel Arazas
9d75a4101f
services/wezterm-mux-server: update service dependency 2023-07-27 13:35:38 +08:00
Gabriel Arazas
3c4aef00d4
modules: convert module description to RFC0072-style 2023-07-27 11:13:39 +08:00
Gabriel Arazas
44ccbea7e1
services/wezterm-mux-server: init module 2023-07-20 10:40:04 +08:00
Gabriel Arazas
3a7816a901 chore: reformat codebase 2022-11-19 11:32:29 +08:00
Gabriel Arazas
ae0cb8596a config: refactor and update 2022-10-10 11:45:22 +08:00
Gabriel Arazas
d20b192c41 services: refactor 2022-09-12 17:36:22 +08:00
Gabriel Arazas
767bfddead services/yt-dlp: update config to log to journal 
Apparently, it doesn't really log the errors in the journal so it can
make the service failed for no reason. It can be configured to redirect
it to journal.
 2022-08-31 14:37:58 +08:00
Gabriel Arazas
36909a281f services/yt-dlp: refactor 2022-08-11 09:43:17 +08:00
Gabriel Arazas
631b14f8b5 services/archivebox: add job-specific service persistence 2022-08-06 14:04:21 +08:00
Gabriel Arazas
4dd2acfe7f services/archivebox: change jobs.<name>.links to jobs.<name>.urls 2022-07-31 14:44:29 +08:00
Gabriel Arazas
8fdd60098f services: fix correct module documentation 2022-07-30 16:22:24 +08:00
Gabriel Arazas
906ea48993 services: change dependency requirement 
I didn't realize `network.target` is very ambiguous. The next best thing
for booting up the service after the system is up is `default.target`
but we're being explicit here for NixOS services just to make sure.
 2022-07-22 15:02:30 +08:00
Gabriel Arazas
d9811b1d84 services/gallery-dl: add job persistence 2022-07-21 09:54:36 +08:00
Gabriel Arazas
e9c2c3d226 services/yt-dlp: add job persistence 2022-07-21 09:54:00 +08:00
Gabriel Arazas
37a1c4ee33 services/yt-dlp: escape extra arguments 
Proper service scripting and all that.
 2022-07-20 16:58:31 +08:00
Gabriel Arazas
dd9921fc7e services/gallery-dl: add job-specific settings 
The arguments are also arranged to let the resulting settings cascade
from service-wide to job-specific settings.
 2022-07-20 16:56:44 +08:00
Gabriel Arazas
a916d78f09 profiles/services: remove path assertions 
It was supposed to create the directory if it wasn't found which is
self-defeating. In any case, it will still fail if the directory is in
the way of an unmounted device.
 2022-07-13 19:11:33 +08:00
Gabriel Arazas
ff6f652641 services/archivebox: create service 2022-07-06 07:46:40 +08:00
Gabriel Arazas
d111304d71 nixos/services: add path assertions 2022-07-06 07:38:21 +08:00
Gabriel Arazas
cffc206eb4 services/gallery-dl: update hardening options 2022-04-29 16:55:09 +08:00
Gabriel Arazas
c9d497c3fc services/yt-dlp: update hardening options 2022-04-29 16:54:36 +08:00
Gabriel Arazas
b50b53238c services/gallery-dl: fix script and options 2022-04-22 13:14:02 +08:00
Gabriel Arazas
c0dd8ab1a8 services/yt-dlp: fix service working directory 
There is the `--paths` option for that purpose. It also eliminates the
workaround for creating the directory before starting the service for
newly-bootstrapped systems.

The several hardening options have also been corrected.
 2022-04-22 13:13:48 +08:00
Gabriel Arazas
560e296532 services/yt-dlp: harden the service 2022-04-17 22:33:04 +08:00
Gabriel Arazas
10b3d01424 services/gallery-dl: harden the service 2022-04-17 22:33:04 +08:00
Gabriel Arazas
49018fb53e modules: reformat and refactor 2022-04-06 10:48:29 +08:00
Gabriel Arazas
6e214feb4a services/yt-dlp: init service 
Structure-wise, it is pretty similar to the gallery-dl service. It was
about to be combined into a bigger service module as a dedicated service
for multimedia archiving but it is better to have them modularized in
the long run.
 2022-04-03 10:18:22 +08:00
Gabriel Arazas
e0bba5655b services/gallery-dl: init service 
Both for home-manager and NixOS, this time. Because I find use for both
of them, especially if you have a dedicated server for NixOS.
 2022-04-03 10:10:29 +08:00
Gabriel Arazas
e79460b3af nixos/services/borgmatic: remove service 
It is not needed anymore since all of my backup procedures are now done
with the NixOS borg service.
 2022-02-23 14:02:24 +08:00
Gabriel Arazas
4ec2730ad8 host/ni: use Guix module from guix-overlay 2022-02-02 12:27:32 +08:00
Gabriel Arazas
a6a4b2b1e1 Update various files 2022-01-25 09:32:17 +08:00
Gabriel Arazas
0f31e8b361 modules/nixos/services/guix: add Guix binary installation service 2022-01-19 09:53:55 +08:00
Gabriel Arazas
7db21c9fc5 Format the files through nixfmt 2022-01-11 20:22:08 +08:00
Gabriel Arazas
6b481a163a Restructure the modules 
While it is easier to maintain the modules by prefixing them all with
`modules`, it is not easy when used from other flakes and/or modules.
This is my attempt on making it easier with appropriate namespaces.

Update home-manager user from the restructure
 2022-01-09 19:44:09 +08:00
foo-dogsquared
f107560769 Create a new of borgmatic NixOS service 
Based from the original but only the service fully baked in with Nix
instead of importing the sample service and timer unit file into
systemd.
 2022-01-01 20:17:20 +08:00