diff --git a/config/hosts/goliath.nix b/config/hosts/goliath.nix index d9606e1a..88c94aff 100644 --- a/config/hosts/goliath.nix +++ b/config/hosts/goliath.nix @@ -161,7 +161,9 @@ openrazer.enable = true; }; - environment.systemPackages = [ pkgs.razergenie ]; + environment.systemPackages = [ + pkgs.razergenie + ]; boot.modprobe.modules = { vfio-pci = diff --git a/config/profiles/base/nix.nix b/config/profiles/base/nix.nix index 035c3faf..15d11359 100644 --- a/config/profiles/base/nix.nix +++ b/config/profiles/base/nix.nix @@ -20,9 +20,10 @@ sandboxPaths = [ "/var/run/nscd/socket" ]; - binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" ]; + + binaryCaches = [ "https://arc.cachix.org" "https://kittywitch.cachix.org" "https://nix-community.cachix.org" "https://nixcache.reflex-frp.org" ]; binaryCachePublicKeys = - [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; + [ "arc.cachix.org-1:DZmhclLkB6UO0rc0rBzNpwFbbaeLfyn+fYccuAy7YVY=" "kittywitch.cachix.org-1:KIzX/G5cuPw5WgrXad6UnrRZ8UDr7jhXzRTK/lmqyK0=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ]; autoOptimiseStore = true; gc = { automatic = lib.mkDefault false; diff --git a/config/services/dht22-exporter/default.nix b/config/services/dht22-exporter/default.nix index e494288d..6098d0b0 100644 --- a/config/services/dht22-exporter/default.nix +++ b/config/services/dht22-exporter/default.nix @@ -40,6 +40,7 @@ in users.users.dht22-exporter = { isSystemUser = true; + group = "gpio"; }; services.dht22-exporter = { diff --git a/config/services/keycloak/default.nix b/config/services/keycloak/default.nix index c29eb6f2..f128d581 100644 --- a/config/services/keycloak/default.nix +++ b/config/services/keycloak/default.nix @@ -47,10 +47,9 @@ in { }; users.groups.keycloak = { }; - users.users.postgres.extraGroups = singleton "keycloak"; users.users.keycloak = { isSystemUser = true; - extraGroups = singleton "keycloak"; + group = "keycloak"; }; kw.secrets.variables.keycloak-postgres = { diff --git a/config/services/syncplay/default.nix b/config/services/syncplay/default.nix index 13e7c4f4..970dd19d 100644 --- a/config/services/syncplay/default.nix +++ b/config/services/syncplay/default.nix @@ -15,7 +15,7 @@ with lib; field = fieldAdapt field; }) [ "pass" "salt" ]; - users.users.syncplay = { isSystemUser = true; }; + users.users.syncplay = { isSystemUser = true; group = "sync-cert"; }; users.groups."sync-cert".members = [ "nginx" "syncplay" ]; security.acme = { diff --git a/config/services/tvheadend/default.nix b/config/services/tvheadend/default.nix index f14206ef..b7e127fa 100644 --- a/config/services/tvheadend/default.nix +++ b/config/services/tvheadend/default.nix @@ -4,6 +4,8 @@ hardware.firmware = [ pkgs.libreelec-dvb-firmware ]; services.tvheadend.enable = true; systemd.services.tvheadend.enable = lib.mkForce false; + users.users.tvheadend.group = "tvheadend"; + users.groups.tvheadend = {}; network.firewall.public = { tcp.ports = [ 9981 9982 ]; diff --git a/config/users/kat/gui/firefox/default.nix b/config/users/kat/gui/firefox/default.nix index eec4c5db..42c0edfe 100644 --- a/config/users/kat/gui/firefox/default.nix +++ b/config/users/kat/gui/firefox/default.nix @@ -37,6 +37,7 @@ in floccus link-cleaner betterttv + a11ycss canvasblocker view-image pkgs.nur.repos.crazazy.firefox-addons.new-tab-override diff --git a/config/users/kat/gui/packages.nix b/config/users/kat/gui/packages.nix index 9a1447c2..7284787b 100644 --- a/config/users/kat/gui/packages.nix +++ b/config/users/kat/gui/packages.nix @@ -19,6 +19,7 @@ nyxt baresip yubikey-manager + jmtpfs cryptsetup ]; }