imxyy1soope1/nixos-dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Activity

feat(sops-nix): use restartUnits

Browse Source
This commit is contained in:
imxyy_soope_
2025-12-07 16:34:21 +08:00
parent 010789965a
commit 90b85963cd
10 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/hosts/imxyy-nix-server/build.nix
View File

@@ -7,6 +7,7 @@
{ {
sops.secrets.et-imxyy-nix-server-nixremote = { sops.secrets.et-imxyy-nix-server-nixremote = {
sopsFile = secrets.et-imxyy-nix-server-nixremote; sopsFile = secrets.et-imxyy-nix-server-nixremote;
restartUnits = [ "easytier-nixremote.service" ];
format = "binary"; format = "binary";
}; };
environment.systemPackages = [ pkgs.easytier ]; environment.systemPackages = [ pkgs.easytier ];

1
config/hosts/imxyy-nix-server/efl.nix
View File

@@ -2,6 +2,7 @@
{ {
sops.secrets.efl-tuwunel-env = { sops.secrets.efl-tuwunel-env = {
sopsFile = secrets.efl-tuwunel; sopsFile = secrets.efl-tuwunel;
restartUnits = [ "podman-tuwunel.service" ];
format = "dotenv"; format = "dotenv";
}; };
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {

3
config/hosts/imxyy-nix-server/matrix.nix
View File

@@ -9,12 +9,14 @@
]; ];
sops.secrets.tuwunel-reg-token = { sops.secrets.tuwunel-reg-token = {
sopsFile = secrets.tuwunel-reg-token; sopsFile = secrets.tuwunel-reg-token;
restartUnits = [ "tuwunel.service" ];
format = "binary"; format = "binary";
owner = config.services.matrix-tuwunel.user; owner = config.services.matrix-tuwunel.user;
group = config.services.matrix-tuwunel.group; group = config.services.matrix-tuwunel.group;
}; };
sops.secrets.tuwunel-turn-secret = { sops.secrets.tuwunel-turn-secret = {
sopsFile = secrets.tuwunel-turn-secret; sopsFile = secrets.tuwunel-turn-secret;
restartUnits = [ "tuwunel.service" ];
format = "binary"; format = "binary";
owner = config.services.matrix-tuwunel.user; owner = config.services.matrix-tuwunel.user;
group = config.services.matrix-tuwunel.group; group = config.services.matrix-tuwunel.group;
@@ -68,6 +70,7 @@
sops.secrets.mautrix-telegram = { sops.secrets.mautrix-telegram = {
sopsFile = secrets.mautrix-telegram; sopsFile = secrets.mautrix-telegram;
restartUnits = [ "mautrix-telegram.service" ];
format = "dotenv"; format = "dotenv";
owner = "mautrix-telegram"; owner = "mautrix-telegram";
group = "mautrix-telegram"; group = "mautrix-telegram";

1
config/hosts/imxyy-nix-server/minio.nix
View File

@@ -2,6 +2,7 @@
{ {
sops.secrets.minio-env = { sops.secrets.minio-env = {
sopsFile = secrets.minio; sopsFile = secrets.minio;
restartUnits = [ "minio.service" ];
format = "dotenv"; format = "dotenv";
}; };
services.minio = { services.minio = {

4
config/hosts/imxyy-nix-server/net.nix
View File

@@ -142,6 +142,7 @@
sops.secrets.dae-imxyy-nix-server = { sops.secrets.dae-imxyy-nix-server = {
sopsFile = secrets.dae-imxyy-nix-server; sopsFile = secrets.dae-imxyy-nix-server;
restartUnits = [ "dae.service" ];
format = "binary"; format = "binary";
}; };
services.dae = { services.dae = {
@@ -154,6 +155,7 @@
}; };
sops.secrets.mihomo = { sops.secrets.mihomo = {
sopsFile = secrets.mihomo; sopsFile = secrets.mihomo;
restartUnits = [ "mihomo.service" ];
format = "yaml"; format = "yaml";
key = ""; key = "";
}; };
@@ -166,6 +168,7 @@
sops.secrets.frp-env = { sops.secrets.frp-env = {
sopsFile = secrets.frp; sopsFile = secrets.frp;
restartUnits = [ "frp.service" ];
format = "dotenv"; format = "dotenv";
}; };
systemd.services.frp.serviceConfig.EnvironmentFile = [ systemd.services.frp.serviceConfig.EnvironmentFile = [
@@ -429,6 +432,7 @@
sops.secrets.et-imxyy-nix-server = { sops.secrets.et-imxyy-nix-server = {
sopsFile = secrets.et-imxyy-nix-server; sopsFile = secrets.et-imxyy-nix-server;
restartUnits = [ "easytier.service" ];
format = "binary"; format = "binary";
}; };
environment.systemPackages = [ pkgs.easytier ]; environment.systemPackages = [ pkgs.easytier ];

9
config/hosts/imxyy-nix-server/note.nix
View File

@@ -4,11 +4,10 @@
... ...
}: }:
{ {
sops.secrets = { sops.secrets.siyuan-env = {
siyuan-env = { sopsFile = secrets.siyuan;
sopsFile = secrets.siyuan; restartUnits = [ "siyuan.service" ];
format = "dotenv"; format = "dotenv";
};
}; };
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
siyuan = { siyuan = {

1
config/hosts/imxyy-nix-server/rss.nix
View File

@@ -5,6 +5,7 @@ in
{ {
sops.secrets.rsshub-env = { sops.secrets.rsshub-env = {
sopsFile = secrets.rsshub; sopsFile = secrets.rsshub;
restartUnits = [ "podman-rsshub.service" ];
format = "dotenv"; format = "dotenv";
}; };
users.users.rsshub = { users.users.rsshub = {

1
config/hosts/imxyy-nix-server/vault.nix
View File

@@ -2,6 +2,7 @@
{ {
sops.secrets.vaultwarden-env = { sops.secrets.vaultwarden-env = {
sopsFile = secrets.vaultwarden; sopsFile = secrets.vaultwarden;
restartUnits = [ "vaultwarden.service" ];
format = "dotenv"; format = "dotenv";
}; };
services.postgresql.ensureUsers = [ services.postgresql.ensureUsers = [

3
config/hosts/imxyy-nix-x16/net.nix
View File

@@ -54,6 +54,7 @@
sops.secrets.dae-imxyy-nix-x16 = { sops.secrets.dae-imxyy-nix-x16 = {
sopsFile = secrets.dae-imxyy-nix-x16; sopsFile = secrets.dae-imxyy-nix-x16;
restartUnits = [ "dae.service" ];
format = "binary"; format = "binary";
}; };
services.dae = { services.dae = {
@@ -63,6 +64,7 @@
systemd.services.dae.after = [ "sops-nix.service" ]; systemd.services.dae.after = [ "sops-nix.service" ];
sops.secrets.mihomo = { sops.secrets.mihomo = {
sopsFile = secrets.mihomo; sopsFile = secrets.mihomo;
restartUnits = [ "mihomo.service" ];
format = "yaml"; format = "yaml";
key = ""; key = "";
}; };
@@ -75,6 +77,7 @@
sops.secrets.et-imxyy-nix-x16 = { sops.secrets.et-imxyy-nix-x16 = {
sopsFile = secrets.et-imxyy-nix-x16; sopsFile = secrets.et-imxyy-nix-x16;
restartUnits = [ "easytier.service" ];
format = "binary"; format = "binary";
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

3
config/hosts/imxyy-nix/net.nix
View File

@@ -90,6 +90,7 @@
sops.secrets.dae-imxyy-nix = { sops.secrets.dae-imxyy-nix = {
sopsFile = secrets.dae-imxyy-nix; sopsFile = secrets.dae-imxyy-nix;
restartUnits = [ "dae.service" ];
format = "binary"; format = "binary";
}; };
services.dae = { services.dae = {
@@ -99,6 +100,7 @@
systemd.services.dae.after = [ "sops-nix.service" ]; systemd.services.dae.after = [ "sops-nix.service" ];
sops.secrets.mihomo = { sops.secrets.mihomo = {
sopsFile = secrets.mihomo; sopsFile = secrets.mihomo;
restartUnits = [ "mihomo.service" ];
format = "yaml"; format = "yaml";
key = ""; key = "";
}; };
@@ -111,6 +113,7 @@
sops.secrets.et-imxyy-nix = { sops.secrets.et-imxyy-nix = {
sopsFile = secrets.et-imxyy-nix; sopsFile = secrets.et-imxyy-nix;
restartUnits = [ "easytier.service" ];
format = "binary"; format = "binary";
}; };
environment.systemPackages = [ pkgs.easytier ]; environment.systemPackages = [ pkgs.easytier ];