Fix secret permission

Invariantspace 2024-09-01 00:25:35 -07:00
parent b08a27c475
commit 45db567972
No known key found for this signature in database
GPG key ID: EBC4A20067373921
3 changed files with 9 additions and 12 deletions


@ -1,8 +1,4 @@
{ {config, ...}:
config,
pkgs,
...
}:
with config.constants; { with config.constants; {
hardware.graphics.enable = true; hardware.graphics.enable = true;


@ -21,10 +21,10 @@ with config.constants; {
}; };
}) })
fqdns); fqdns);
portStr = builtins.mapAttrs (n: v: toString v) port;
homeSrv = s: "nebula:${portStr.${s}}"; homeSrv = s: "nebula:${portStr.${s}}";
localSrv = s: "${localhost}:${portStr.${s}}"; localSrv = s: "${localhost}:${portStr.${s}}";
mtfqdn = "matrix.${domain}"; mtfqdn = "matrix.${domain}";
portStr = builtins.mapAttrs (n: v: toString v) port;
wn = s: "/.well-known/${s}"; wn = s: "/.well-known/${s}";
in in
{ {


@ -1,8 +1,9 @@
{config, ...}: { {config, ...}:
services.coturn = with config.constants; let with config.constants; let
acmeDir = config.security.acme.certs.${coturn-realm}.directory; acmeDir = config.security.acme.certs.${coturn-realm}.directory;
coturn-realm = "turn.${domain}"; coturn-realm = "turn.${domain}";
in { in {
services.coturn = {
enable = true; enable = true;
cert = "${acmeDir}/fullchain.pem"; cert = "${acmeDir}/fullchain.pem";
listening-port = port.coturn; listening-port = port.coturn;
@ -15,5 +16,5 @@
use-auth-secret = true; use-auth-secret = true;
}; };
sops.secrets.coturn = {}; sops.secrets.coturn.owner = "turnserver";
} }
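Review bot: The new `sops.secrets.coturn.owner = "turnserver";` hard-codes the account name as a string, and nothing visible in this section ties it to the account the coturn unit actually runs as. Writing it as `sops.secrets.coturn.owner = config.users.users.turnserver.name;` should make evaluation fail if that account is ever renamed or removed, rather than leaving the secret unreadable. With the default sops-nix mode (0400, to my knowledge) the file is now readable by that one account only. If another service on this host, such as the Matrix homeserver, reads the same shared secret, it would need a dedicated `group` plus `mode = "0440"` instead. The line that consumes the secret sits between the two hunks and is not visible here, so a comment like `# the coturn service account must be able to read its auth secret` next to the owner line would record the intent.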