linode builds both image and host

2026-02-09 00:13:59 -06:00
parent 7670f2fa94
commit 8d62cffc8e
6 changed files with 116 additions and 72 deletions
--- a/hosts/vps/configuration.nix
+++ b/hosts/vps/configuration.nix
@@ -48,17 +48,21 @@ in
    ./nginx-nextcloud.nix
    ../../config/base.nix
  ];
-  my = import ./toggles.nix { inherit config inputs; } // {
-    secureHost = true;
-    users.nixremote = {
-      enable = true;
-      authorizedKeys = inputs.self.lib.getSshKeys [
-        "nixworkstation"
-        "nixserver"
-        "nixminiserver"
-      ];
+  my =
+    import ./toggles.nix {
+      inherit config inputs lib;
+    }
+    // {
+      secureHost = true;
+      users.nixremote = {
+        enable = true;
+        authorizedKeys = inputs.self.lib.getSshKeys [
+          "nixworkstation"
+          "nixserver"
+          "nixminiserver"
+        ];
+      };
    };
-  };
  sops.age = {
    generateKey = true;
    keyFile = "/var/lib/sops-nix/key.txt";
@@ -151,7 +155,12 @@ in
      www-data = { };
    };
    users = {
-      nginx.extraGroups = [ "www-data" ];
+      nginx = lib.mkIf config.my.secureHost {
+        extraGroups = [
+          "www-data"
+          "lidarr-reports"
+        ];
+      };
      deploy = {
        isSystemUser = true;
        group = "deploy";