path: root/machines/nixos/x86_64-linux/rivendell.nix
blob: 3d64722e8c9ecb170d78aa65a9ba3000f1a3035f (plain) (tree)
# NixOS host definition for "rivendell": pulls in the shared profiles and adds
# the host-specific pieces (remote-build account, website, backup paths,
# home-manager for the admin user).
#
# Arguments:
#   lib       - nixpkgs library; only `mkDefault` is used here.
#   config    - the evaluated configuration, read back for `networking.useDHCP`.
#   adminUser - attribute set supplied by the caller; this file reads its
#               `name` and `userinfo` attributes.
{
  lib,
  config,
  adminUser,
  ...
}:
let
  # Backed up by both restic jobs below.
  gitoliteRepositories = [ "/var/lib/gitolite/repositories" ];
in
{
  # The profiles' contents are not visible from this file. Several of them
  # (authelia, git-server, remote-unlock, wireguard) look network-facing and
  # should be reviewed together with this host.
  imports = [
    ../../../profiles/authelia.nix
    ../../../profiles/cgroups.nix
    ../../../profiles/defaults.nix
    ../../../profiles/disk/btrfs-on-luks.nix
    ../../../profiles/git-server.nix
    ../../../profiles/hardware/framework-desktop.nix
    ../../../profiles/home-manager.nix
    ../../../profiles/miniflux.nix
    ../../../profiles/remote-unlock.nix
    ../../../profiles/restic-backup.nix
    ../../../profiles/server.nix
    ../../../profiles/wireguard.nix
  ];

  networking = {
    hostName = "rivendell";
    # mkDefault so another module can turn DHCP off without a priority conflict.
    useDHCP = lib.mkDefault true;
  };
  # Follows the DHCP setting above (also overridable): with DHCP on, one
  # online interface is enough for wait-online.
  systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;

  # Account that remote Nix builds log in as over SSH.
  users.users.builder = {
    # A normal user gets a home directory and a login shell, so either key
    # below opens an interactive session, not only a build channel.
    isNormalUser = true;
    group = "nogroup";
    openssh.authorizedKeys.keys = [
      # owner's personal key
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
      # key used by the remote-build client
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
    ];
  };

  # SECURITY: the Nix manual describes membership of trusted-users as
  # essentially equivalent to root on this machine, because a trusted user may
  # add unsigned store paths and override substituters. Both keys above are
  # therefore root-capable credentials for this host; store and rotate them
  # accordingly.
  # NOTE(review): if the build workflow only needs to upload inputs, signing
  # them on the client and listing its public key in trusted-public-keys
  # avoids trusting the account. Confirm before changing.
  nix.settings.trusted-users = [ "builder" ];

  services = {
    # Module defined elsewhere in the repository. openFirewall presumably
    # opens the site's listening ports; confirm which ones in that module.
    website = {
      enable = true;
      openFirewall = true;
    };

    # Adds the git repositories to the "local" and "synology" backup jobs.
    # The jobs' repository, credentials and schedule are not set here and
    # presumably come from profiles/restic-backup.nix.
    restic.backups = {
      local.paths = gitoliteRepositories;
      synology.paths = gitoliteRepositories;
    };
  };

  # Minimal home-manager profile for the admin user; userinfo is passed through
  # unchanged from adminUser.
  home-manager.users.${adminUser.name} = {
    imports = [
      ../../../home/profiles/minimal.nix
    ];
    userinfo = adminUser.userinfo;
  };

  # Release this host was first installed with. It pins stateful defaults and
  # is not meant to be bumped on upgrade; read the option's documentation
  # before changing it.
  system.stateVersion = "23.11";
}