mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-10 02:52:55 +00:00
fix: including disabled wireguard settings
This commit is contained in:
parent
0f4914db95
commit
13c7859a78
@ -41,6 +41,8 @@
|
|||||||
"VDPAU_DRIVER" = "radeonsi";
|
"VDPAU_DRIVER" = "radeonsi";
|
||||||
"LIBVA_DRIVER_NAME" = "radeonsi";
|
"LIBVA_DRIVER_NAME" = "radeonsi";
|
||||||
};
|
};
|
||||||
|
users.users.jellyfin.extraGroups =
|
||||||
|
[ "render" "video" ]; # Access to /dev/dri
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -42,8 +42,10 @@
|
|||||||
|
|
||||||
# Create reverse proxy for web UI
|
# Create reverse proxy for web UI
|
||||||
caddy.routes = lib.mkAfter [{
|
caddy.routes = lib.mkAfter [{
|
||||||
group =
|
group = if (config.arrServer == config.transmissionServer) then
|
||||||
lib.mkIf (config.arrServer == config.transmissionServer) "download";
|
"download"
|
||||||
|
else
|
||||||
|
"transmission";
|
||||||
match = [{
|
match = [{
|
||||||
host = [ config.transmissionServer ];
|
host = [ config.transmissionServer ];
|
||||||
path = [ "/transmission*" ];
|
path = [ "/transmission*" ];
|
||||||
@ -76,7 +78,7 @@
|
|||||||
|
|
||||||
# Create credentials file for transmission
|
# Create credentials file for transmission
|
||||||
secrets.transmission = {
|
secrets.transmission = {
|
||||||
source = ../../private/transmission.json.age;
|
source = ../../../private/transmission.json.age;
|
||||||
dest = "${config.secretsDirectory}/transmission.json";
|
dest = "${config.secretsDirectory}/transmission.json";
|
||||||
owner = "transmission";
|
owner = "transmission";
|
||||||
group = "transmission";
|
group = "transmission";
|
||||||
|
@ -2,13 +2,16 @@
|
|||||||
|
|
||||||
options.wireguard.enable = lib.mkEnableOption "Wireguard VPN setup.";
|
options.wireguard.enable = lib.mkEnableOption "Wireguard VPN setup.";
|
||||||
|
|
||||||
config = lib.mkIf (pkgs.stdenv.isLinux && config.wireguard.enable) {
|
config = lib.mkIf (pkgs.stdenv.isLinux) {
|
||||||
|
|
||||||
networking.wireguard = {
|
networking.wireguard = {
|
||||||
enable = true;
|
enable = config.wireguard.enable;
|
||||||
interfaces = {
|
interfaces = {
|
||||||
wg0 = {
|
wg0 = {
|
||||||
|
|
||||||
|
# Something to use as a default value
|
||||||
|
ips = lib.mkDefault [ "127.0.0.1/32" ];
|
||||||
|
|
||||||
# Establishes identity of this machine
|
# Establishes identity of this machine
|
||||||
generatePrivateKeyFile = false;
|
generatePrivateKeyFile = false;
|
||||||
privateKeyFile = config.secrets.wireguard.dest;
|
privateKeyFile = config.secrets.wireguard.dest;
|
||||||
@ -23,6 +26,7 @@
|
|||||||
# Create namespace for Wireguard
|
# Create namespace for Wireguard
|
||||||
# This allows us to isolate specific programs to Wireguard
|
# This allows us to isolate specific programs to Wireguard
|
||||||
systemd.services."netns@" = {
|
systemd.services."netns@" = {
|
||||||
|
enable = config.wireguard.enable;
|
||||||
description = "%I network namespace";
|
description = "%I network namespace";
|
||||||
before = [ "network.target" ];
|
before = [ "network.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
@ -35,7 +39,7 @@
|
|||||||
|
|
||||||
# Create private key file for wireguard
|
# Create private key file for wireguard
|
||||||
secrets.wireguard = {
|
secrets.wireguard = {
|
||||||
source = ../../private/wireguard.age;
|
source = ../../../private/wireguard.age;
|
||||||
dest = "${config.secretsDirectory}/wireguard";
|
dest = "${config.secretsDirectory}/wireguard";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user