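--- a/hosts/nixery/services/openbao/openbao.nix
+++ b/hosts/nixery/services/openbao/openbao.nix
@@ -1,3 +1,4 @@
+{ config, pkgs, lib, ... }:
 {
 # Create openbao user and group
 users.groups.openbao = {};
@@ -8,6 +9,14 @@
 home = "/var/lib/openbao";
 createHome = true;
 description = "OpenBao service user";
+};
+
+systemd.services.openbao = {
+serviceConfig = {
+DynamicUser = lib.mkForce false;
+User = "openbao";
+Group = "openbao";
+};
 };
 
 services.openbao = {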
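Review bot: Forcing `DynamicUser = lib.mkForce false;` in `systemd.services.openbao.serviceConfig` also drops the sandboxing that systemd implies with dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`), unless the upstream module sets those explicitly, which is not visible in this section. I would restate them next to `User`/`Group`, for example `ProtectSystem = "strict";`, `PrivateTmp = true;` and `NoNewPrivileges = true;`. With `ProtectSystem = "strict"` the data directory has to stay writable through `StateDirectory` or `ReadWritePaths`, so check what the module already provides. The override also deserves a one-line comment saying why a static `openbao` user is required, since `mkForce` hides the module default from the next reader.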
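--- a/hosts/nixery/services/openbao/proxy.nix
+++ b/hosts/nixery/services/openbao/proxy.nix
@@ -83,18 +83,18 @@
 '';
 
 # Create necessary directories and files
-# systemd.tmpfiles.rules = [
-# # Directories
-# "d /var/lib/openbao 0755 root root -"
-# "d /var/lib/openbao/cache 0755 root root -"
-# "d /var/log/openbao 0755 root root -"
-# "d /etc/openbao 0755 root root -"
+systemd.tmpfiles.rules = [
+# Directories
+"d /var/lib/openbao 0755 root root -"
+"d /var/lib/openbao/cache 0755 root root -"
+"d /var/log/openbao 0755 root root -"
+"d /etc/openbao 0755 root root -"
 
-# # Credential files (content must be populated externally)
-# "f /etc/openbao/role-id 0600 root root -"
-# "f /etc/openbao/secret-id 0600 root root -"
+# Credential files (content must be populated externally)
+"f /etc/openbao/role-id 0600 root root -"
+"f /etc/openbao/secret-id 0600 root root -"
 
-# # Configuration file
-# "f /etc/openbao/proxy.hcl 0644 root root -"
-# ];
+# Configuration file
+"f /etc/openbao/proxy.hcl 0644 root root -"
+];
 }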
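Review bot: The re-enabled rule `"d /var/lib/openbao 0755 root root -"` makes the state directory root-owned and world-readable, while openbao.nix in the same commit runs the service as `openbao` with that path as its home. tmpfiles adjusts owner and mode on a directory that already exists, so if both modules are imported on this host the server may lose write access to its own storage. I would use `"d /var/lib/openbao 0750 openbao openbao -"` there and `0750` on `/var/log/openbao`, since the data and log directories of a secrets store should not be listable by every local user. The `f` rules create empty `role-id`, `secret-id` and `proxy.hcl` files when they are missing, and `0600 root root` only works if the proxy runs as root, which this section does not show. A comment naming who populates those files and which user reads them would help.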