From f7f6882e71d6b603b71d515d0a3beb35ff233643 Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Mon, 27 Nov 2023 14:12:18 +0100 Subject: [PATCH] Move stuff to more appropriate places --- nixos/queen/akkoma.nix | 3 +++ nixos/queen/configuration.nix | 23 ----------------------- nixos/queen/mail-server.nix | 11 +++++++++++ nixos/queen/nextcloud.nix | 16 ++++++++++++++++ 4 files changed, 30 insertions(+), 23 deletions(-) diff --git a/nixos/queen/akkoma.nix b/nixos/queen/akkoma.nix index affcb67..fef0b69 100644 --- a/nixos/queen/akkoma.nix +++ b/nixos/queen/akkoma.nix @@ -6,6 +6,9 @@ pkgs, ... }: { + sops.secrets."releaseCookie".mode = "0440"; + sops.secrets."releaseCookie".owner = config.users.users.akkoma.name; + users.groups.akkoma = {}; users.users = { diff --git a/nixos/queen/configuration.nix b/nixos/queen/configuration.nix index 1a556a9..60f0255 100644 --- a/nixos/queen/configuration.nix +++ b/nixos/queen/configuration.nix @@ -55,16 +55,6 @@ #Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys sops.defaultSopsFile = ../../secrets/queen-Lillian.yaml; sops.age.keyFile = ./keys.txt; - sops.secrets."nextcloudadmin".mode = "0440"; - sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name; - sops.secrets."nextclouddb".mode = "0440"; - sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name; - sops.secrets."local.json".mode = "0440"; - sops.secrets."local.json".owner = config.users.users.onlyoffice.name; - sops.secrets."mailpass".mode = "0440"; - sops.secrets."mailpass".owner = config.users.users.virtualMail.name; - sops.secrets."releaseCookie".mode = "0440"; - sops.secrets."releaseCookie".owner = config.users.users.akkoma.name; nix = { gc = { 
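Review bot: Mode `0440` on `releaseCookie` in the akkoma.nix hunk leaves the group-read bit set on a secret that only the akkoma service should need. No `group` is set here, so whichever group sops-nix assigns by default (presumably the owner's primary group; confirm) can read it. If this is the Erlang release cookie Akkoma uses for node distribution, holding it is enough to attach to the running node, so `sops.secrets."releaseCookie".mode = "0400";` is the safer value unless another account is known to need it. The same `0440` pattern recurs for `mailpass` in the mail-server.nix hunk and for the three secrets in the nextcloud.nix hunk. Separately, the context line `sops.age.keyFile = ./keys.txt;` in configuration.nix is a Nix path literal, which may cause the age key to be copied into the world-readable Nix store; a string path outside the store, such as `"/var/lib/sops-nix/key.txt"`, avoids that.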
@@ -165,19 +155,6 @@ extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf"]; shell = pkgs.zsh; }; - - nextcloud.extraGroups = [config.users.groups.keys.name "aria2" "onlyoffice"]; - aria2.extraGroups = ["nextcloud"]; - mssql = { - isSystemUser = true; - group = "mssql"; - }; - - virtualMail = { - isSystemUser = true; - isNormalUser = false; - group = "virtualMail"; - }; }; virtualisation.oci-containers.containers = { diff --git a/nixos/queen/mail-server.nix b/nixos/queen/mail-server.nix index ba2179c..d591e5f 100644 --- a/nixos/queen/mail-server.nix +++ b/nixos/queen/mail-server.nix @@ -16,6 +16,17 @@ }) ]; + sops.secrets."mailpass".mode = "0440"; + sops.secrets."mailpass".owner = config.users.users.virtualMail.name; + + users.users = { + virtualMail = { + isSystemUser = true; + isNormalUser = false; + group = "virtualMail"; + }; + }; + mailserver = { enable = true; enableImap = true; diff --git a/nixos/queen/nextcloud.nix b/nixos/queen/nextcloud.nix index 20cb0d9..77d399b 100644 --- a/nixos/queen/nextcloud.nix +++ b/nixos/queen/nextcloud.nix @@ -3,6 +3,22 @@ pkgs, ... }: { + sops.secrets."nextcloudadmin".mode = "0440"; + sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name; + sops.secrets."nextclouddb".mode = "0440"; + sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name; + sops.secrets."local.json".mode = "0440"; + sops.secrets."local.json".owner = config.users.users.onlyoffice.name; + + users.users = { + nextcloud.extraGroups = [config.users.groups.keys.name "aria2" "onlyoffice"]; + aria2.extraGroups = ["nextcloud"]; + mssql = { + isSystemUser = true; + group = "mssql"; + }; + }; + # Enable Nginx services.nginx = { enable = true;
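Review bot: The `virtualMail` user added in the mail-server.nix hunk names `group = "virtualMail";`, but no `users.groups.virtualMail` declaration is visible in the hunk. If the mailserver module does not already create that group, the account may not get its intended group and the group side of the `0440` `mailpass` secret would not resolve as expected. Declaring `users.groups.virtualMail = {};` next to the user, as akkoma.nix does with `users.groups.akkoma = {};`, makes the file self-contained. `isNormalUser = false;` restates the default and can be dropped. The module body continues outside the hunk.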
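Review bot: The group memberships in the nextcloud.nix hunk make the group-read bit on these secrets effective for other services. `aria2` joins `nextcloud` and `nextcloud` joins `onlyoffice`, while `nextcloudadmin`, `nextclouddb` and `local.json` are all mode `0440`. If sops-nix gives each secret its owner's primary group when `group` is unset (it appears to; confirm), aria2 can read the Nextcloud admin and database passwords, and Nextcloud can read OnlyOffice's `local.json`. Using `mode = "0400";` on secrets that only their owner consumes, or setting an explicit `group`, keeps the cross-membership limited to the shared files it was presumably added for. The `mssql` user also looks unrelated to Nextcloud and may belong with the container definitions in configuration.nix.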