From 14a65b8c7e5b17d25960f3f013b36b3b9a574401 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 07:58:04 +0700 Subject: [PATCH 1/2] revert not working fix --- modules/system/homelab/docs.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 2d9ff74..caa5c9c 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -3,10 +3,6 @@ sandbox = "docs-sandbox.${homelab.domain}"; data-dir = "/mnt/data/apps/cryptpad"; in { - systemd.tmpfiles.rules = [ - "d ${data-dir} 0750 cryptpad cryptpad -" - ]; - services.cryptpad = { enable = true; settings = { @@ -26,6 +22,4 @@ in { logPath = "${data-dir}/logs"; }; }; - - systemd.services.cryptpad.serviceConfig.ReadWritePaths = [ data-dir ]; } From d4de48420f06c77dc06ea6694b5c093ea2685491 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 08:05:02 +0700 Subject: [PATCH 2/2] bind mount loophole --- modules/system/homelab/docs.nix | 14 ++++++-------- modules/system/homelab/pass.nix | 7 ++++++- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index caa5c9c..fad718c 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -12,14 +12,12 @@ in { httpSafeOrigin = "https://${sandbox}"; blockDailyCheck = true; disableIntegratedEviction = true; - archivePath = "${data-dir}/archive"; - pinPath = "${data-dir}/pins"; - taskPath = "${data-dir}/tasks"; - blockPath = "${data-dir}/block"; - blobPath = "${data-dir}/blob"; - blobStagingPath = "${data-dir}/blobstage"; - decreePath = "${data-dir}/decrees"; - logPath = "${data-dir}/logs"; }; }; + + fileSystems."/var/lib/cryptpad" = { + device = "/mnt/data/apps/cryptpad"; + dependsOn = [ "/mnt/data" ]; + options = [ "bind" "nofail" ]; + }; } diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 028f99d..86a4707 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -5,10 +5,15 @@ backupDir = "/mnt/data/apps/vaultwarden/backups"; environmentFile = "/mnt/data/apps/vaultwarden/.env"; config = { - DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; }; }; + + fileSystems."/var/lib/vaultwarden" = { + device = "/mnt/data/apps/vaultwarden/data"; + dependsOn = [ "/mnt/data" ]; + options = [ "bind" "nofail" ]; + }; } \ No newline at end of file