summary refs log tree commit diff
path: root/hosts
diff options
context:
space:
mode:
authortzlil <tzlils@protonmail.com>2023-08-20 15:30:07 +0300
committertzlil <tzlils@protonmail.com>2023-08-20 15:30:07 +0300
commit6197695dfb24f1ae3269359fb9e189b24fdd86a3 (patch)
tree159fbc9b14a87048b5b820044a62f95030b2edb6 /hosts
parent61a06724bc39e94da259efba3693857bae21949f (diff)
fix dendrite, disable dhcpv6 dns servers
Diffstat (limited to 'hosts')
-rw-r--r--hosts/navi/default.nix2
-rw-r--r--hosts/vps/services/git.nix7
-rw-r--r--hosts/vps/services/matrix.nix16
3 files changed, 17 insertions, 8 deletions
diff --git a/hosts/navi/default.nix b/hosts/navi/default.nix
index 755d06b..a5ad367 100644
--- a/hosts/navi/default.nix
+++ b/hosts/navi/default.nix
@@ -54,7 +54,7 @@
       dhcpV4Config = {
         UseDNS = false;
       };
-      ipv6AcceptRAConfig = {
+      dhcpV6Config = {
         UseDNS = false;
       };
     };
diff --git a/hosts/vps/services/git.nix b/hosts/vps/services/git.nix
index 2b6d0a2..84c4241 100644
--- a/hosts/vps/services/git.nix
+++ b/hosts/vps/services/git.nix
@@ -3,7 +3,8 @@
   config,
   ...
 }: {
-  config = let cgit = pkgs.cgit-pink;
+  config = let
+    cgit = pkgs.cgit-pink;
   in {
     users.groups.git = {};
     users.users.git = {
@@ -56,6 +57,8 @@
              transport fastcgi {
                env SCRIPT_FILENAME ${cgit}/cgit/cgit.cgi
                env CGIT_CONFIG ${pkgs.writeText "cgitrc" (pkgs.lib.generators.toKeyValue {} {
+            about-filter = "${cgit}/lib/cgit/filters/about-formatting.py";
+            source-filter = "${cgit}/lib/cgit/filters/syntax-highlighting.py";
             css = "/cgit.css";
             logo = "/cgit.png";
             favicon = "/favicon.ico";
@@ -69,8 +72,6 @@
             root-title = "tzlil.net";
             root-desc = "Tzlil's Git Repositories";
             scan-path = config.users.users.git.home;
-            about-filter = "${cgit}/lib/cgit/filters/about-formatting.py";
-            source-filter = "${cgit}/lib/cgit/filters/syntax-highlighting.py";
             logo-link = "/";
             readme = ":README.md";
           })}
diff --git a/hosts/vps/services/matrix.nix b/hosts/vps/services/matrix.nix
index 005040f..af38f58 100644
--- a/hosts/vps/services/matrix.nix
+++ b/hosts/vps/services/matrix.nix
@@ -102,9 +102,17 @@
       ensureDatabases = ["dendrite"];
     };
 
+    users.groups.dendrite = {};
+    users.users.dendrite = {
+      isSystemUser = true;
+      description = "dendrite";
+      group = "dendrite";
+    };
     # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service
-    # systemd.services.dendrite.serviceConfig.User = "dendrite";
-    # systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    systemd.services.dendrite.serviceConfig.User = "dendrite";
+    systemd.services.dendrite.serviceConfig.Group = "dendrite";
+    systemd.services.dendrite.serviceConfig.DynamicUser = lib.mkForce "false";
+
     environment.persistence."/nix/persist".directories = [
       {
         directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
@@ -114,8 +122,8 @@
 
       {
         directory = "/var/lib/private/dendrite";
-        user = "root";
-        group = "root";
+        user = "dendrite";
+        group = "dendrite";
       }
     ];