diff options
| author | Azat Bahawi <azat@bahawi.net> | 2024-01-21 15:11:34 +0300 |
|---|---|---|
| committer | Azat Bahawi <azat@bahawi.net> | 2024-01-21 15:11:34 +0300 |
| commit | 8dd4dce913b60163afb0b4a9bdecc79c0c7ef873 (patch) | |
| tree | 7fac2f22f4c1db027469bcebdd7af159b56aa412 /modules/nixos | |
| parent | 2024-01-17 (diff) | |
2024-01-21
Diffstat (limited to '')
| -rw-r--r-- | modules/nixos/k3s.nix | 2 | ||||
| -rw-r--r-- | modules/nixos/lxc.nix | 7 | ||||
| -rw-r--r-- | modules/nixos/unbound.nix | 25 |
3 files changed, 5 insertions, 29 deletions
diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix index dcbd052..016eb50 100644 --- a/modules/nixos/k3s.nix +++ b/modules/nixos/k3s.nix @@ -23,7 +23,7 @@ in { systemd.services.k3s.environment = { K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml"; - K3S_KUBECONFIG_MODE = "600"; + K3S_KUBECONFIG_MODE = "664"; }; }; } diff --git a/modules/nixos/lxc.nix b/modules/nixos/lxc.nix index 4f7805f..bfdab8f 100644 --- a/modules/nixos/lxc.nix +++ b/modules/nixos/lxc.nix @@ -6,11 +6,10 @@ with lib; let cfg = config.nixfiles.modules.lxc; in { - options.nixfiles.modules.lxc.enable = - mkEnableOption "LXC/LXD"; + options.nixfiles.modules.lxc.enable = mkEnableOption "LXC/Incus"; config = mkIf cfg.enable { - virtualisation.lxd.enable = true; - my.extraGroups = "lxd"; + virtualisation.incus.enable = true; + my.extraGroups = ["incus-admin"]; }; } diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 8dce3f5..e6cad81 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -24,30 +24,7 @@ in { mkIf cfg.enable { ark.directories = [config.services.unbound.stateDir]; - nixfiles.modules = { - redis.enable = true; - - promtail.filters = [ - { - match = { - selector = ''{syslog_identifier="unbound"} |~ " start | stopped |.*in-addr.arpa."''; - action = "drop"; - }; - } - { - match = { - selector = ''{syslog_identifier="unbound"} |= "reply:"''; - stages = [{static_labels.dns = "reply";}]; - }; - } - { - match = { - selector = ''{syslog_identifier="unbound"} |~ "redirect |always_null|always_nxdomain"''; - stages = [{static_labels.dns = "block";}]; - }; - } - ]; - }; + nixfiles.modules.redis.enable = true; services = { unbound = { |