titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

claude'd better security things

Browse Source
This commit is contained in:
Simon Gardling
2025-10-17 19:35:58 -04:00
parent 9e35448f04
commit f9515dd160
34 changed files with 327 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
services/soulseek.nix
View File

@@ -26,7 +26,7 @@ in
"skskd_env".text = ''
#!/bin/sh
rm -fr ${slskd_env} || true
cp ${../secrets/slskd_env} ${slskd_env}
cp ${config.age.secrets.slskd_env.path} ${slskd_env}
chmod 0500 ${slskd_env}
chown ${config.services.slskd.user}:${config.services.slskd.group} ${slskd_env}
'';
@@ -67,6 +67,12 @@ in
users.users.${config.services.jellyfin.user}.extraGroups = [ "music" ];
users.users.${username}.extraGroups = [ "music" ];
# Add agenix dependencies for slskd service
systemd.services.slskd = {
after = [ "agenix.service" ];
requires = [ "agenix.service" ];
};
systemd.tmpfiles.rules = [
"Z ${service_configs.music_dir} 0750 ${username} music"
"Z ${service_configs.slskd.base} 0750 ${config.services.slskd.user} ${config.services.slskd.group}"