Tangled infrastructure definitions in Nix

spindle unholiness

Signed-off-by: oppiliappan <me@oppi.li>

oppi.li 645e32d2 1d59a1b0

verified
+21 -12
+9
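--- a/hosts/nixery/services/openbao/openbao.nix
+++ b/hosts/nixery/services/openbao/openbao.nix
@@ -1,3 +1,4 @@
+{ config, pkgs, lib, ... }:
 {
 # Create openbao user and group
 users.groups.openbao = {};
@@ -8,6 +9,14 @@
 home = "/var/lib/openbao";
 createHome = true;
 description = "OpenBao service user";
+};
+
+systemd.services.openbao = {
+serviceConfig = {
+DynamicUser = lib.mkForce false;
+User = "openbao";
+Group = "openbao";
+};
 };
 
 services.openbao = {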
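Review bot: Forcing `DynamicUser = lib.mkForce false;` in the new `systemd.services.openbao.serviceConfig` also switches off the sandboxing systemd implies for dynamic users (ProtectSystem=strict, ProtectHome=read-only, PrivateTmp, NoNewPrivileges, RestrictSUIDSGID, RemoveIPC), and nothing in the hunk puts it back. Unless the upstream module already sets these explicitly, which is not visible here, I would restate them next to `User`/`Group`, e.g. `ProtectSystem = "strict"; PrivateTmp = true; NoNewPrivileges = true;`, while checking that the state directory stays writable. The override also deserves a one-line comment giving the reason for the `mkForce`, such as `# DynamicUser disabled: <reason>`, so a later cleanup does not silently revert it. `config` and `pkgs` in the added function header are not used by any visible line; the file continues past the hunk, so that may be intentional.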
+12 -12
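--- a/hosts/nixery/services/openbao/proxy.nix
+++ b/hosts/nixery/services/openbao/proxy.nix
@@ -83,18 +83,18 @@
 '';
 
 # Create necessary directories and files
-# systemd.tmpfiles.rules = [
-# # Directories
-# "d /var/lib/openbao 0755 root root -"
-# "d /var/lib/openbao/cache 0755 root root -"
-# "d /var/log/openbao 0755 root root -"
-# "d /etc/openbao 0755 root root -"
+systemd.tmpfiles.rules = [
+# Directories
+"d /var/lib/openbao 0755 root root -"
+"d /var/lib/openbao/cache 0755 root root -"
+"d /var/log/openbao 0755 root root -"
+"d /etc/openbao 0755 root root -"
 
-# # Credential files (content must be populated externally)
-# "f /etc/openbao/role-id 0600 root root -"
-# "f /etc/openbao/secret-id 0600 root root -"
+# Credential files (content must be populated externally)
+"f /etc/openbao/role-id 0600 root root -"
+"f /etc/openbao/secret-id 0600 root root -"
 
-# # Configuration file
-# "f /etc/openbao/proxy.hcl 0644 root root -"
-# ];
+# Configuration file
+"f /etc/openbao/proxy.hcl 0644 root root -"
+];
 }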
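Review bot: The re-enabled `systemd.tmpfiles.rules` create `/var/lib/openbao`, `/var/lib/openbao/cache` and `/var/log/openbao` as `0755 root root`, so every local account can traverse the cache and log directories of a secrets proxy. If this module is imported on the same host as openbao.nix, the `d` rule would also reset `/var/lib/openbao` to root ownership, although that path is the home of the `openbao` user the server now runs as. I would tighten the modes and match the owner to the account that uses each path, e.g. `"d /var/lib/openbao 0750 openbao openbao -"` and `"d /var/lib/openbao/cache 0700 openbao openbao -"`. The proxy's unit definition lies above the hunk, so which account it runs as is not visible; if it is not root, the `0600 root root` `role-id` and `secret-id` files will be unreadable to it and need that account as owner instead.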