Compare commits
No commits in common. "26f4174b0be7dcddf417c01d5c300521e2d4207f" and "807462cd544f599eed55834a8c7e305133f2a197" have entirely different histories.
26f4174b0b
...
807462cd54
@ -1,37 +0,0 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
cmdChownManga = pkgs.writeScriptBin "chownManga" ''
|
|
||||||
#!${pkgs.stdenv.shell}
|
|
||||||
|
|
||||||
chown -R amalieem:komga /tank/media/komga/Amalie
|
|
||||||
chmod -R 750 /tank/media/komga/Amalie
|
|
||||||
'';
|
|
||||||
in {
|
|
||||||
users.users."amalieem" = {
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/home/amalieem";
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7e+BAoXIFmTeeBYAVImQAcyx6SCoYCErA7h16OGL70 amalieem@wentworth"
|
|
||||||
];
|
|
||||||
packages = with pkgs; [
|
|
||||||
cmdChownManga
|
|
||||||
|
|
||||||
mangal
|
|
||||||
rsync
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
security.sudo = {
|
|
||||||
enable = true;
|
|
||||||
extraRules = [{
|
|
||||||
commands = [
|
|
||||||
{
|
|
||||||
command = "${lib.getExe cmdChownManga}";
|
|
||||||
options = [ "NOPASSWD" ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
users = [ "amalieem" ];
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
@ -7,7 +7,6 @@
|
|||||||
|
|
||||||
../../base.nix
|
../../base.nix
|
||||||
../../common/metrics-exporters.nix
|
../../common/metrics-exporters.nix
|
||||||
./amalieem.nix
|
|
||||||
./backup.nix
|
./backup.nix
|
||||||
# ./exports.nix
|
# ./exports.nix
|
||||||
./filesystems.nix
|
./filesystems.nix
|
||||||
@ -54,7 +53,7 @@
|
|||||||
|
|
||||||
hardware.nvidia = {
|
hardware.nvidia = {
|
||||||
modesetting.enable = true;
|
modesetting.enable = true;
|
||||||
open = false;
|
open = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.graphics.enable = true;
|
hardware.graphics.enable = true;
|
||||||
|
|||||||
@ -17,16 +17,16 @@
|
|||||||
interval = "Wed *-*-8..14 00:00:00";
|
interval = "Wed *-*-8..14 00:00:00";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems = {
|
# fileSystems = {
|
||||||
"/mnt/feal-syn1/backup" = {
|
# "/mnt/feal-syn1/backup" = {
|
||||||
device = "feal-syn1.home.feal.no:/volume2/backup";
|
# device = "feal-syn1.home.feal.no:/volume2/backup";
|
||||||
fsType = "nfs";
|
# fsType = "nfs";
|
||||||
options = [
|
# options = [
|
||||||
"defaults"
|
# "defaults"
|
||||||
"noatime"
|
# "noatime"
|
||||||
"rw"
|
# "rw"
|
||||||
"nfsvers=3"
|
# "nfsvers=3"
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
}
|
}
|
||||||
|
|||||||
@ -12,12 +12,6 @@
|
|||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
boot.kernelParams = [
|
|
||||||
# https://wiki.gentoo.org/wiki/Ryzen#Ryzen_Threadripper
|
|
||||||
"processor.max_cstate=1"
|
|
||||||
"rcu_nocbs=0-11"
|
|
||||||
"idle=nomwait"
|
|
||||||
];
|
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
{ device = "/dev/disk/by-uuid/ea31d0ea-2949-420a-99ea-7f77c4b7091e";
|
{ device = "/dev/disk/by-uuid/ea31d0ea-2949-420a-99ea-7f77c4b7091e";
|
||||||
|
|||||||
@ -133,7 +133,7 @@ in {
|
|||||||
ProtectProc = "invisible";
|
ProtectProc = "invisible";
|
||||||
ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
|
ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
|
||||||
ReadOnlyPaths = [ "/run/secrets" "/nix/store" ];
|
ReadOnlyPaths = [ "/run/secrets" "/nix/store" ];
|
||||||
InaccessiblePaths = [ "/tank/media" "/tank/backup" ];
|
InaccessbilePaths = [ "/tank/media" "/tank/backup" ];
|
||||||
RemoveIPC = true;
|
RemoveIPC = true;
|
||||||
RestrictSUIDSGID = true;
|
RestrictSUIDSGID = true;
|
||||||
UMask = "0007";
|
UMask = "0007";
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user