tailscale: Add restart triggers

SebastianStork 2025-09-17 22:34:47 +02:00
parent 7edd02884e
commit 4f0fea5461
10 changed files with 32 additions and 11 deletions


@ -101,7 +101,10 @@ in
}
(lib.mkIf tailscaleHostsExist {
sops.secrets."tailscale/service-auth-key".owner = config.services.caddy.user;
sops.secrets."tailscale/service-auth-key" = {
owner = config.services.caddy.user;
restartUnits = [ "caddy.service" ];
};
services.caddy = {
package = caddyWithTailscale;


@ -36,7 +36,10 @@ in
cfg.prometheusPort
];
sops.secrets."crowdsec/enrollment-key".owner = user;
sops.secrets."crowdsec/enrollment-key" = {
owner = user;
restartUnits = [ "crowdsec.service" ];
};
users.groups.caddy.members = lib.mkIf cfg.sources.caddy [ user ];
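Review bot: Restarting `crowdsec.service` when `crowdsec/enrollment-key` changes only helps if the unit re-reads the key on every start. An enrollment key is normally consumed once, so a rotated value may never be applied even though the restart suggests it was. The same question applies to `forgejo/admin-password` and `grafana/admin-password` in the later sections; Grafana, for one, applies its configured admin password only when its database is first initialised. How each secret is consumed lies outside these hunks, so this needs confirming. Where the value turns out to be bootstrap-only, I would add a comment such as `# bootstrap-only: changing this secret does not rotate the live credential` next to the `restartUnits` line.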


@ -27,7 +27,10 @@ in
ports.tcp.list = [ cfg.port ];
};
sops.secrets."forgejo/admin-password".owner = config.users.users.git.name;
sops.secrets."forgejo/admin-password" = {
owner = config.users.users.git.name;
restartUnits = [ "forgejo.service" ];
};
users = {
users.git = {


@ -76,9 +76,10 @@ in
sops = {
secrets."healthchecks/ping-key" = { };
templates."gatus.env".content = ''
HEALTHCHECKS_PING_KEY=${config.sops.placeholder."healthchecks/ping-key"}
'';
templates."gatus.env" = {
content = "HEALTHCHECKS_PING_KEY=${config.sops.placeholder."healthchecks/ping-key"}";
restartUnits = [ "gatus.service" ];
};
};
custom.services.gatus.endpoints =


@ -21,7 +21,10 @@ in
ports.tcp.list = [ cfg.port ];
};
sops.secrets."grafana/admin-password".owner = config.users.users.grafana.name;
sops.secrets."grafana/admin-password" = {
owner = config.users.users.grafana.name;
restartUnits = [ "grafana.service" ];
};
services.grafana = {
enable = true;


@ -32,6 +32,7 @@ in
templates."hedgedoc/environment" = {
owner = config.users.users.hedgedoc.name;
content = "GITLAB_CLIENTSECRET=${config.sops.placeholder."hedgedoc/gitlab-auth-secret"}";
restartUnits = [ "hedgedoc.service" ];
};
};


@ -33,6 +33,7 @@ in
templates."radicale/htpasswd" = {
owner = config.users.users.radicale.name;
content = "seb:${config.sops.placeholder."radicale/admin-password"}";
restartUnits = [ "radicale.service" ];
};
};


@ -59,8 +59,14 @@ in
};
sops.secrets = lib.mkIf useStaticTls {
"syncthing/cert".owner = config.services.syncthing.user;
"syncthing/key".owner = config.services.syncthing.user;
"syncthing/cert" = {
owner = config.services.syncthing.user;
restartUnits = [ "syncthing.service" ];
};
"syncthing/key" = {
owner = config.services.syncthing.user;
restartUnits = [ "syncthing.service" ];
};
};
services.syncthing = {


@ -18,7 +18,7 @@ in
config.services.tailscale.port
];
sops.secrets."tailscale/auth-key" = { };
sops.secrets."tailscale/auth-key".restartUnits = [ "tailscaled.service" ];
services.tailscale = {
enable = true;
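Review bot: `restartUnits = [ "tailscaled.service" ]` on `tailscale/auth-key` restarts the daemon that carries the host's tailnet connectivity, so a key rotation can cut a remote deployment mid-activation. The key is presumably passed through `services.tailscale.authKeyFile` and consumed by `tailscaled-autoconnect.service` rather than by the daemon, and that unit likely logs in only when the node is not yet authenticated; this is not visible here, because the `services.tailscale` block continues past the hunk. If that holds, the trigger adds disruption without re-authenticating, so consider dropping it or pointing it at the unit that actually reads the key. The `iwd.service` trigger in the last section carries the same connectivity risk on hosts that are reachable only over Wi-Fi.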


@ -31,7 +31,7 @@ in
cfg.networks
|> lib.map (name: {
name = "iwd/${name}";
value = { };
value.restartUnits = [ "iwd.service" ];
})
|> lib.listToAttrs;