Nix configurations for my homelab
Fix permissions on tls certs
Tls certs are now only readable by the caddy user and group.
Applications that need access to these certs must be in the caddy
group
author
yemou
date
(Jun 22, 2026, 7:25 AM -0400)
commit
83db4d2c
83db4d2ca928131b963340739ac70a6535105049
parent
b4dca3c6
b4dca3c6bfe51bf7517e6c02b5d3fc8518d7343c
+15
-13
+12
-12
flake.lock
+12
-12
flake.lock
···
115
115
]
116
116
},
117
117
"locked": {
118
-
"lastModified": 1781844424,
119
-
"narHash": "sha256-sWBr0D6eu6UhmtM87NOd4oOYilIclFXGDd/s7tVvO10=",
118
+
"lastModified": 1782103446,
119
+
"narHash": "sha256-+vMR3KPBVoY9nJrQI9qje5H1vmv51dJgMYkUuYimtJg=",
120
120
"owner": "nix-community",
121
121
"repo": "home-manager",
122
-
"rev": "c804fab681f03ec772390af4421bcc9bce80c1d9",
122
+
"rev": "d8dac1f668fd861369571be3678ec75b1573e7e3",
123
123
"type": "github"
124
124
},
125
125
"original": {
···
266
266
"systems": "systems"
267
267
},
268
268
"locked": {
269
-
"lastModified": 1780375694,
270
-
"narHash": "sha256-TznzgYVONg28KiSFB2rVdf/eLVIMtEQOxKt13Kzyrp8=",
269
+
"lastModified": 1782091909,
270
+
"narHash": "sha256-q9ygpiowWPeS/FzBz7gekF4uUamJSXH/TTMf4y0j23I=",
271
271
"owner": "Infinidoge",
272
272
"repo": "nix-minecraft",
273
-
"rev": "e6f8bec35104ca5955efe73742da58d2823684f7",
273
+
"rev": "794884dacd31b251bce5abf2cf324be3659d5322",
274
274
"type": "github"
275
275
},
276
276
"original": {
···
345
345
},
346
346
"nixpkgs_3": {
347
347
"locked": {
348
-
"lastModified": 1781836206,
349
-
"narHash": "sha256-BGjXqZOcLbkjwt8smyUskR8hNl7piTg8ccpQdSTw09s=",
348
+
"lastModified": 1782101079,
349
+
"narHash": "sha256-TGub+4QjyI6dfu3oA5bFFt729zKHN9alkjPoB8yhBIk=",
350
350
"owner": "NixOS",
351
351
"repo": "nixpkgs",
352
-
"rev": "d4fea6b6bfce7b55c6df36fb973205b89d7fe761",
352
+
"rev": "e96d96376b17a27b83a184c8c481c13c98db7961",
353
353
"type": "github"
354
354
},
355
355
"original": {
···
427
427
"nixpkgs": "nixpkgs_4"
428
428
},
429
429
"locked": {
430
-
"lastModified": 1780547341,
431
-
"narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=",
430
+
"lastModified": 1781943681,
431
+
"narHash": "sha256-NFHmA7H47adqiyp+0iEOyZOQhmigDqA/NBAlf4imB6U=",
432
432
"owner": "Mic92",
433
433
"repo": "sops-nix",
434
-
"rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a",
434
+
"rev": "420f8d2e9882911f65cfac15cc706f639ba96cca",
435
435
"type": "github"
436
436
},
437
437
"original": {
+1
-1
modules/services/caddy/cp-certs.nix
+1
-1
modules/services/caddy/cp-certs.nix
···
15
15
mkdir -p "$certs_dir/$1"
16
16
cp -f "$caddy_path/$2" "$certs_dir/$1"
17
17
cp -f "$caddy_path/$3" "$certs_dir/$1"
18
-
chmod 604 "$certs_dir/$1/$1.crt" "$certs_dir/$1/$1.key"
18
+
chmod 640 "$certs_dir/$1/$1.crt" "$certs_dir/$1/$1.key"
19
19
20
20
printf '%s\n' "$prog_name: Copied certs for '$1'"
21
21
;;