ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update dawarich network, secrets, PostGIS and headscale DNS/URL

Browse source
This commit is contained in:
Joshua Bell 2026-02-08 23:03:40 -06:00
parent 6a07b27571
commit ed76912f4b
2 changed files with 15 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

20
hosts/h001/containers/dawarich.nix
View file

@ -11,9 +11,9 @@ let
hostDataDir = "/drives/wd10/${name}"; hostDataDir = "/drives/wd10/${name}";
hostAddress = "10.0.0.1"; hostAddress = "10.0.0.1";
containerAddress = "10.0.0.4"; containerAddress = "10.0.0.5";
hostAddress6 = "fc00::1"; hostAddress6 = "fc00::1";
containerAddress6 = "fc00::4"; containerAddress6 = "fc00::5";
dawarichNixpkgs = inputs.dawarich-nixpkgs; dawarichNixpkgs = inputs.dawarich-nixpkgs;
@ -53,10 +53,11 @@ let
uid = 977; uid = 977;
gid = 977; gid = 977;
} }
# Secret key base file - manual setup # Secret key base file - must match the path the dawarich module expects
# The module uses systemd LoadCredential from /var/lib/dawarich/secrets/secret-key-base
{ {
host = "${hostDataDir}/secrets/secret_key_base"; host = "${hostDataDir}/secrets/secret-key-base";
container = "/var/secrets/secret_key_base"; container = "/var/lib/dawarich/secrets/secret-key-base";
readOnly = true; readOnly = true;
} }
]; ];
@ -170,8 +171,10 @@ in
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_17.withJIT; # Dawarich requires PostGIS for geospatial features
package = pkgs.postgresql_17.withPackages (p: [ p.postgis ]);
enableJIT = true; enableJIT = true;
extraPlugins = ps: [ ps.postgis ];
authentication = '' authentication = ''
local all all trust local all all trust
host all all 127.0.0.1/8 trust host all all 127.0.0.1/8 trust
@ -212,8 +215,9 @@ in
createLocally = true; createLocally = true;
}; };
# Secret key base # Secret key base - path must match what the module expects
secretKeyBaseFile = "/var/secrets/secret_key_base"; # The secret file is bind-mounted to /var/lib/dawarich/secrets/secret-key-base
secretKeyBaseFile = "/var/lib/dawarich/secrets/secret-key-base";
# Enable automatic migrations # Enable automatic migrations
automaticMigrations = true; automaticMigrations = true;

4
hosts/linode/l001/headscale.nix
View file

@ -7,7 +7,7 @@
services.headscale = { services.headscale = {
enable = true; enable = true;
settings = { settings = {
server_url = "https://nexus.joshuabell.xyz"; server_url = "https://headscale.joshuabell.xyz";
database.type = "sqlite3"; database.type = "sqlite3";
derp = { derp = {
auto_update_enable = true; auto_update_enable = true;
@ -48,6 +48,8 @@
(h001ARecord "git") (h001ARecord "git")
(h001ARecord "blog") (h001ARecord "blog")
(h001ARecord "etebase") (h001ARecord "etebase")
(h001ARecord "photos")
(h001ARecord "location")
]; ];
}; };
}; };