diff --git a/flake.lock b/flake.lock
index 55d50b0..de89669 100644
--- a/flake.lock
+++ b/flake.lock
@@ -94,11 +94,11 @@
]
},
"locked": {
- "lastModified": 1731533236,
- "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+ "lastModified": 1726560853,
+ "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+ "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
@@ -136,11 +136,11 @@
]
},
"locked": {
- "lastModified": 1732482255,
- "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
+ "lastModified": 1730837930,
+ "narHash": "sha256-0kZL4m+bKBJUBQse0HanewWO0g8hDdCvBhudzxgehqc=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
+ "rev": "2f607e07f3ac7e53541120536708e824acccfaa8",
"type": "github"
},
"original": {
@@ -168,11 +168,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1732521221,
- "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
+ "lastModified": 1730785428,
+ "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
+ "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
"type": "github"
},
"original": {
@@ -184,11 +184,11 @@
},
"nur": {
"locked": {
- "lastModified": 1732704680,
- "narHash": "sha256-x3NlO2qzuobU9BrynzydX7X9oskJpysv7BI7DJ5cVSE=",
+ "lastModified": 1730885145,
+ "narHash": "sha256-UPrBEY0No1O3ULb67xYjRh2r3u7MnZovfo1oYSPCIxI=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "31a30f0862fd8b5f88a6597382bb09197356b19e",
+ "rev": "c0d8828600ef47d475e6ec33513bf9af6eb6b991",
"type": "github"
},
"original": {
@@ -210,11 +210,11 @@
]
},
"locked": {
- "lastModified": 1732021966,
- "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
+ "lastModified": 1730814269,
+ "narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
- "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
+ "rev": "d70155fdc00df4628446352fc58adc640cd705c2",
"type": "github"
},
"original": {
diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age
index d7f159e..fce2a84 100644
--- a/hosts/nixos/porthos/secrets/acme/dns-key.age
+++ b/hosts/nixos/porthos/secrets/acme/dns-key.age
@@ -1,9 +1,8 @@
age-encryption.org/v1
--> ssh-ed25519 cKojmg Ec0xt1uJTva8MxUdoTVX5m3uWaIiRlodf345FEM7Uzs
-aJIneWFJPB5HVeoUGp57agXih9YeZ6xMEbyQ+zJtWQY
--> ssh-ed25519 jPowng B5XotRgv7s/FUegGhceBj7EoukewNUOIFl4TFRQf1EQ
-PgGCBd/Pqwp7ayqi7okHBGF1SfFpwT4KlHJ/np6p2uQ
---- AeLgwGz6k3OABb53cXNaCU/sgI4FlU1s6p8PhAaFOlg
-1�CԹULfI1�Hmb}m��� šg0�`X�G�>\>8rz+Y`ʢ.JBU!z¸Z50*�ٟ��I]���I
-ĵ��o�۰g�¿tn�cz�[{
-j&�NNo{
-�eP=L�
6.SP:��e
\ No newline at end of file
+-> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw
+zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y
+-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8
+uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw
+--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg
+r��&{~v?}=
+}+�
SQM[]k�M�AtmM/Ls|ޅmCiYC}x��
\ No newline at end of file
diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index ffd150a..a2339f4 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -95,9 +95,6 @@ in
nextcloud = {
enable = true;
passwordFile = secrets."nextcloud/password".path;
- collabora = {
- enable = true;
- };
};
nix-cache = {
enable = true;
@@ -152,6 +149,11 @@ in
};
# Because I still need to play sysadmin
ssh-server.enable = true;
+ # Recipe manager
+ tandoor-recipes = {
+ enable = true;
+ secretKeyFile = secrets."tandoor-recipes/secret-key".path;
+ };
# Torrent client and webui
transmission = {
enable = true;
diff --git a/modules/home/direnv/lib/python.sh b/modules/home/direnv/lib/python.sh
index b4b2bce..780fbe6 100644
--- a/modules/home/direnv/lib/python.sh
+++ b/modules/home/direnv/lib/python.sh
@@ -53,5 +53,4 @@ layout_uv() {
PATH_add "$VIRTUAL_ENV/bin"
watch_file pyproject.toml
watch_file uv.lock
- watch_file .python-version
}
diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix
index ca99fdc..71ce4ca 100644
--- a/modules/home/tmux/default.nix
+++ b/modules/home/tmux/default.nix
@@ -47,7 +47,6 @@ in
clock24 = true; # I'm one of those heathens
escapeTime = 0; # Let vim do its thing instead
historyLimit = 100000; # Bigger buffer
- mouse = false; # I dislike mouse support
terminal = "tmux-256color"; # I want accurate termcap info
plugins = with pkgs.tmuxPlugins; [
@@ -81,13 +80,6 @@ in
];
extraConfig = ''
- # Refresh configuration
- bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!"
-
- # Accept sloppy Ctrl key when switching windows, on top of default mapping
- bind-key -N "Select the previous window" C-p previous-window
- bind-key -N "Select the next window" C-n next -window
-
# Better vim mode
bind-key -T copy-mode-vi 'v' send -X begin-selection
${
diff --git a/modules/home/xdg/default.nix b/modules/home/xdg/default.nix
index 803167f..270200e 100644
--- a/modules/home/xdg/default.nix
+++ b/modules/home/xdg/default.nix
@@ -30,10 +30,11 @@ in
};
# A tidy home is a tidy mind
dataFile = {
- "tig/.keep".text = ""; # `tig` uses `XDG_DATA_HOME` specifically...
+ "bash/.keep".text = "";
+ "gdb/.keep".text = "";
+ "tig/.keep".text = "";
};
stateFile = {
- "bash/.keep".text = "";
"python/.keep".text = "";
};
};
diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix
index 4946663..15bb5e8 100644
--- a/modules/nixos/services/aria/default.nix
+++ b/modules/nixos/services/aria/default.nix
@@ -65,7 +65,9 @@ in
aria-rpc = {
port = cfg.rpcPort;
# Proxy websockets for RPC
- websocketsLocations = [ "/" ];
+ extraConfig = {
+ locations."/".proxyWebsockets = true;
+ };
};
};
diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix
index 9985a26..cb7bc08 100644
--- a/modules/nixos/services/audiobookshelf/default.nix
+++ b/modules/nixos/services/audiobookshelf/default.nix
@@ -30,7 +30,9 @@ in
audiobookshelf = {
inherit (cfg) port;
# Proxy websockets for RPC
- websocketsLocations = [ "/" ];
+ extraConfig = {
+ locations."/".proxyWebsockets = true;
+ };
};
};
diff --git a/modules/nixos/services/drone/runner-docker/default.nix b/modules/nixos/services/drone/runner-docker/default.nix
index 1db263b..e53c608 100644
--- a/modules/nixos/services/drone/runner-docker/default.nix
+++ b/modules/nixos/services/drone/runner-docker/default.nix
@@ -39,7 +39,5 @@ in
extraGroups = [ "docker" ]; # Give access to the daemon
};
users.groups.drone-runner-docker = { };
-
- # FIXME: persistence?
};
}
diff --git a/modules/nixos/services/drone/runner-exec/default.nix b/modules/nixos/services/drone/runner-exec/default.nix
index c30a1a2..a9bb563 100644
--- a/modules/nixos/services/drone/runner-exec/default.nix
+++ b/modules/nixos/services/drone/runner-exec/default.nix
@@ -63,7 +63,5 @@ in
group = "drone-runner-exec";
};
users.groups.drone-runner-exec = { };
-
- # FIXME: persistence?
};
}
diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix
index b5d5df7..a3a1e49 100644
--- a/modules/nixos/services/drone/server/default.nix
+++ b/modules/nixos/services/drone/server/default.nix
@@ -50,7 +50,5 @@ in
inherit (cfg) port;
};
};
-
- # FIXME: persistence?
};
}
diff --git a/modules/nixos/services/fail2ban/default.nix b/modules/nixos/services/fail2ban/default.nix
index efb07c9..be5f7da 100644
--- a/modules/nixos/services/fail2ban/default.nix
+++ b/modules/nixos/services/fail2ban/default.nix
@@ -33,7 +33,5 @@ in
bantime = "10m";
};
};
-
- # FIXME: persistence?
};
}
diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix
index b7cc0c5..3ba4ead 100644
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@@ -148,8 +148,8 @@ in
};
my.system.persist.directories = [
- config.services.forgejo.lfs.contentDir
- config.services.forgejo.repositoryRoot
+ config.services.gitea.lfs.contentDir
+ config.services.gitea.repositoryRoot
];
services.fail2ban.jails = {
diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix
index d5de6d5..b54f9ef 100644
--- a/modules/nixos/services/jellyfin/default.nix
+++ b/modules/nixos/services/jellyfin/default.nix
@@ -27,13 +27,17 @@ in
my.services.nginx.virtualHosts = {
jellyfin = {
port = 8096;
- websocketsLocations = [ "/socket" ];
extraConfig = {
locations."/" = {
extraConfig = ''
proxy_buffering off;
'';
};
+ # Too bad for the repetition...
+ locations."/socket" = {
+ proxyPass = "http://127.0.0.1:8096/";
+ proxyWebsockets = true;
+ };
};
};
};
diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix
index 9412573..e1dc780 100644
--- a/modules/nixos/services/komga/default.nix
+++ b/modules/nixos/services/komga/default.nix
@@ -36,8 +36,6 @@ in
};
};
- # FIXME: persistence?
-
services.fail2ban.jails = {
komga = ''
enabled = true
diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix
deleted file mode 100644
index dce1a99..0000000
--- a/modules/nixos/services/nextcloud/collabora.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-# Document editor with Nextcloud
-{ config, lib, ... }:
-let
- cfg = config.my.services.nextcloud.collabora;
-in
-{
- options.my.services.nextcloud.collabora = with lib; {
- enable = mkEnableOption "Collabora integration";
-
- port = mkOption {
- type = types.port;
- default = 9980;
- example = 8080;
- description = "Internal port for API";
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.collabora-online = {
- enable = true;
- inherit (cfg) port;
-
- aliasGroups = [
- {
- host = "https://collabora.${config.networking.domain}";
- # Allow using from nextcloud
- aliases = [ "https://${config.services.nextcloud.hostName}" ];
- }
- ];
-
- settings = {
- # Rely on reverse proxy for SSL
- ssl = {
- enable = false;
- termination = true;
- };
- };
- };
-
- my.services.nginx.virtualHosts = {
- collabora = {
- inherit (cfg) port;
- websocketsLocations = [
- "~ ^/cool/(.*)/ws$"
- "^~ /cool/adminws"
- ];
- };
- };
-
- # FIXME: persistence?
- };
-}
diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix
index e561ce2..b13a608 100644
--- a/modules/nixos/services/nextcloud/default.nix
+++ b/modules/nixos/services/nextcloud/default.nix
@@ -4,10 +4,6 @@ let
cfg = config.my.services.nextcloud;
in
{
- imports = [
- ./collabora.nix
- ];
-
options.my.services.nextcloud = with lib; {
enable = mkEnableOption "Nextcloud";
maxSize = mkOption {
diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix
index 32c1b7d..721ae76 100644
--- a/modules/nixos/services/nginx/default.nix
+++ b/modules/nixos/services/nginx/default.nix
@@ -17,16 +17,6 @@ let
'';
};
- websocketsLocations = mkOption {
- type = with types; listOf str;
- default = [ ];
- example = [ "/socket" ];
- description = ''
- Which locations on this virtual host should be configured for
- websockets.
- '';
- };
-
port = mkOption {
type = with types; nullOr port;
default = null;
@@ -70,13 +60,10 @@ let
extraConfig = mkOption {
type = types.attrs; # FIXME: forward type of virtualHosts
example = {
- extraConfig = ''
- add_header X-Clacks-Overhead "GNU Terry Pratchett";
- '';
-
- locations."/".extraConfig = ''
- client_max_body_size 1G;
- '';
+ locations."/socket" = {
+ proxyPass = "http://127.0.0.1:8096/";
+ proxyWebsockets = true;
+ };
};
default = { };
description = ''
@@ -99,7 +86,7 @@ in
type = types.str;
example = "/var/lib/acme/creds.env";
description = ''
- OVH API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
+ Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
'';
};
};
@@ -121,7 +108,12 @@ in
};
jellyfin = {
port = 8096;
- websocketsLocations = [ "/socket" ];
+ extraConfig = {
+ locations."/socket" = {
+ proxyPass = "http://127.0.0.1:8096/";
+ proxyWebsockets = true;
+ };
+ };
};
};
description = ''
@@ -203,19 +195,6 @@ in
} configured.
'';
}))
- ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args:
- let
- proxyPass = [ "port" "socket" ];
- proxyPassUsed = lib.any (v: args.${v} != null) proxyPass;
- in
- {
- assertion = args.websocketsLocations != [ ] -> proxyPassUsed;
- message = ''
- Subdomain '${subdomain}' can only use 'websocketsLocations' with one of ${
- lib.concatStringsSep ", " (builtins.map (v: "'${v}'") proxyPass)
- }.
- '';
- }))
++ (
let
ports = lib.my.mapFilter
@@ -262,14 +241,6 @@ in
virtualHosts =
let
domain = config.networking.domain;
- mkProxyPass = { websocketsLocations, ... }: proxyPass:
- let
- websockets = lib.genAttrs websocketsLocations (_: {
- inherit proxyPass;
- proxyWebsockets = true;
- });
- in
- { "/" = { inherit proxyPass; }; } // websockets;
mkVHost = ({ subdomain, ... } @ args: lib.nameValuePair
"${subdomain}.${domain}"
(lib.my.recursiveMerge [
@@ -280,7 +251,8 @@ in
}
# Proxy to port
(lib.optionalAttrs (args.port != null) {
- locations = mkProxyPass args "http://127.0.0.1:${toString args.port}";
+ locations."/".proxyPass =
+ "http://127.0.0.1:${toString args.port}";
})
# Serve filesystem content
(lib.optionalAttrs (args.root != null) {
@@ -288,7 +260,8 @@ in
})
# Serve to UNIX socket
(lib.optionalAttrs (args.socket != null) {
- locations = mkProxyPass args "http://unix:${args.socket}";
+ locations."/".proxyPass =
+ "http://unix:${args.socket}";
})
# Redirect to a different domain
(lib.optionalAttrs (args.redirect != null) {
@@ -308,7 +281,6 @@ in
locations."/" = {
extraConfig =
- # FIXME: check that X-User is dropped otherwise
(args.extraConfig.locations."/".extraConfig or "") + ''
# Use SSO
auth_request /sso-auth;
@@ -442,8 +414,7 @@ in
{
"${domain}" = {
extraDomainNames = [ "*.${domain}" ];
- dnsProvider = "ovh";
- dnsPropagationCheck = false; # OVH is slow
+ dnsProvider = "gandiv5";
inherit (cfg.acme) credentialsFile;
};
};
diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix
index 22ca8ad..d86be58 100644
--- a/modules/nixos/services/paperless/default.nix
+++ b/modules/nixos/services/paperless/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
let
cfg = config.my.services.paperless;
in
@@ -80,34 +80,50 @@ in
# Misc
PAPERLESS_TIME_ZONE = config.time.timeZone;
PAPERLESS_ADMIN_USER = cfg.username;
+
+ # Fix classifier hangs
+ LD_LIBRARY_PATH = "${lib.getLib pkgs.mkl}/lib";
};
# Admin password
passwordFile = cfg.passwordFile;
-
- # Secret key
- environmentFile = cfg.secretKeyFile;
};
systemd.services = {
paperless-scheduler = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
+
+ serviceConfig = {
+ EnvironmentFile = cfg.secretKeyFile;
+ };
};
paperless-consumer = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
+
+ serviceConfig = {
+ EnvironmentFile = cfg.secretKeyFile;
+ };
};
paperless-web = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
+
+ serviceConfig = {
+ EnvironmentFile = cfg.secretKeyFile;
+ };
};
paperless-task-queue = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
+
+ serviceConfig = {
+ EnvironmentFile = cfg.secretKeyFile;
+ };
};
};
@@ -136,7 +152,11 @@ in
sso = {
enable = true;
};
- websocketsLocations = [ "/" ];
+
+ # Enable websockets on root
+ extraConfig = {
+ locations."/".proxyWebsockets = true;
+ };
};
};
diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix
index 73527d9..d59507b 100644
--- a/modules/nixos/services/pdf-edit/default.nix
+++ b/modules/nixos/services/pdf-edit/default.nix
@@ -54,8 +54,6 @@ in
};
};
- # FIXME: persistence?
-
services.fail2ban.jails = {
stirling-pdf = ''
enabled = true
diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix
index 1167509..4e8e083 100644
--- a/modules/nixos/services/pyload/default.nix
+++ b/modules/nixos/services/pyload/default.nix
@@ -56,20 +56,6 @@ in
# FIXME: backup
# FIXME: persistence
- services.fail2ban.jails = {
- pyload = ''
- enabled = true
- filter = pyload
- port = http,https
- '';
- };
-
- environment.etc = {
- "fail2ban/filter.d/pyload.conf".text = ''
- [Definition]
- failregex = ^.*Login failed for user '.*' \[CLIENT: \]$
- journalmatch = _SYSTEMD_UNIT=pyload.service
- '';
- };
+ # FIXME: fail2ban
};
}
diff --git a/modules/nixos/services/ssh-server/default.nix b/modules/nixos/services/ssh-server/default.nix
index 008738f..0cabc6f 100644
--- a/modules/nixos/services/ssh-server/default.nix
+++ b/modules/nixos/services/ssh-server/default.nix
@@ -21,11 +21,12 @@ in
};
# Persist SSH keys
- my.system.persist.files =
- let
- pubAndPrivKey = key: [ key.path "${key.path}.pub" ];
- in
- lib.concatMap pubAndPrivKey systemConfig.services.openssh.hostKeys;
+ my.system.persist.files = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
# Opens the relevant UDP ports.
programs.mosh.enable = true;
diff --git a/modules/nixos/services/woodpecker/agent-docker/default.nix b/modules/nixos/services/woodpecker/agent-docker/default.nix
index 2e74b67..79d3299 100644
--- a/modules/nixos/services/woodpecker/agent-docker/default.nix
+++ b/modules/nixos/services/woodpecker/agent-docker/default.nix
@@ -38,7 +38,5 @@ in
];
};
};
-
- # FIXME: persistence?
};
}
diff --git a/modules/nixos/services/woodpecker/agent-exec/default.nix b/modules/nixos/services/woodpecker/agent-exec/default.nix
index 4210242..24161b0 100644
--- a/modules/nixos/services/woodpecker/agent-exec/default.nix
+++ b/modules/nixos/services/woodpecker/agent-exec/default.nix
@@ -62,7 +62,5 @@ in
];
};
};
-
- # FIXME: persistence?
};
}
diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix
index 6a78ff6..ebea06f 100644
--- a/modules/nixos/system/packages/default.nix
+++ b/modules/nixos/system/packages/default.nix
@@ -1,5 +1,5 @@
# Common packages
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
let
cfg = config.my.system.packages;
in
@@ -13,6 +13,10 @@ in
};
config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ wget
+ ];
+
programs = {
vim = {
enable = true;
diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix
index e0a1eeb..fbf63fa 100644
--- a/modules/nixos/system/persist/default.nix
+++ b/modules/nixos/system/persist/default.nix
@@ -47,17 +47,16 @@ in
config = lib.mkIf cfg.enable {
environment.persistence."${cfg.mountPoint}" = {
files = [
- "/etc/machine-id" # Machine-specific ID
- "/etc/adjtime" # Clock drift factor and offsets
+ "/etc/machine-id"
]
++ cfg.files
;
directories = [
- "/etc/nixos" # In case it's storage directory of our configuration
- "/var/log" # Logs
- "/var/lib/nixos" # UID/GID maps
- "/var/lib/systemd/coredump" # Coredumps
+ "/etc/nixos"
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
]
++ cfg.directories
;