From f87c73d3d236fb40ea8346ca7be5caada88044c9 Mon Sep 17 00:00:00 2001
From: matt1432
Date: Wed, 29 Nov 2023 22:14:29 -0500
Subject: [PATCH] refactor(oksys): move user groups to their relevant module
---
 devices/oksys/default.nix | 2 --
 devices/oksys/modules/headscale.nix | 13 ++++++++-----
 devices/oksys/modules/unbound.nix | 6 +++++-
 3 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/devices/oksys/default.nix b/devices/oksys/default.nix
index db9064d..fd202be 100644
--- a/devices/oksys/default.nix
+++ b/devices/oksys/default.nix
@@ -17,8 +17,6 @@
 "wheel"
 "adm"
 "mlocate"
- "headscale"
- "unbound"
 ];
 };
 home-manager.users = {
diff --git a/devices/oksys/modules/headscale.nix b/devices/oksys/modules/headscale.nix
index fc654bf..9e721df 100644
--- a/devices/oksys/modules/headscale.nix
+++ b/devices/oksys/modules/headscale.nix
@@ -1,15 +1,18 @@
 {
 headscale,
 pkgs,
+ config,
 ...
-}: {
- environment.systemPackages = [
- headscale.packages.${pkgs.system}.headscale
- ];
+}: let
+ headscale-flake = headscale.packages.${pkgs.system}.headscale;
+ user = config.services.device-vars.username;
+in {
+ environment.systemPackages = [headscale-flake];
+ users.users.${user}.extraGroups = ["headscale"];
 services.headscale = {
 enable = true;
- package = headscale.packages.${pkgs.system}.headscale;
+ package = headscale-flake;
 address = "127.0.0.1";
 port = 8085;
diff --git a/devices/oksys/modules/unbound.nix b/devices/oksys/modules/unbound.nix
index 64a4309..4684d5a 100644
--- a/devices/oksys/modules/unbound.nix
+++ b/devices/oksys/modules/unbound.nix
@@ -1,7 +1,11 @@
-{...}: {
+{config, ...}: let
+ user = config.services.device-vars.username;
+in {
 # https://github.com/MatthewVance/unbound-docker-rpi/issues/4#issuecomment-1001879602
 boot.kernel.sysctl."net.core.rmem_max" = 1048576;
+ users.users.${user}.extraGroups = ["unbound"];
+
 services.unbound = {
 enable = true;
 enableRootTrustAnchor = true;
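Review bot: The login account's membership in the `headscale` group, added in headscale.nix as `users.users.${user}.extraGroups = ["headscale"];`, carries no comment saying what access it is meant to grant; the same applies to the `["unbound"]` line in unbound.nix. Membership in a service's group commonly reaches the daemon's control socket and possibly its state directory, though the patch does not show which, so the intent should be recorded next to the line and the grant kept to what is needed. I would add a comment above each line along the lines of `# ${user} needs the headscale group to use the headscale CLI without sudo`, adjusted to the real reason. `config.services.device-vars.username` is defined outside this patch, so I am assuming it always resolves to the one interactive user.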