# NixOS host configuration for the machine named "vm-synology".
# Arguments are supplied by the caller: `self` is used as the root for
# all in-repo paths, `adminUser` provides the admin account's name and uid.
{ lib, adminUser, config, self, ... }:
{
  # Encrypted secrets, each backed by a .age file under ${self}/secrets.
  # (Presumably agenix-style declarations; confirm against the module
  # that defines `age.secrets`.)
  # NOTE(review): only restic_password and restic_gcs_credentials are
  # referenced in this file. The cloudflared-* and nas_client_credentials
  # entries are presumably consumed by the imported profiles/modules;
  # verify that, and drop any that are unused so this host is not given
  # secrets it does not need.
  age.secrets = {
    restic_gcs_credentials.file = "${self}/secrets/restic_gcs_credentials.age";
    restic_password.file = "${self}/secrets/restic_password.age";
    cloudflared-tunnel.file = "${self}/secrets/cloudflared_cragmont.age";
    cloudflared-cert.file = "${self}/secrets/cloudflared_cert.age";
    nas_client_credentials.file = "${self}/secrets/nas_client.age";
  };

  # Shared profiles that make up this host.
  imports = [
    "${self}/profiles/home-manager.nix"
    "${self}/profiles/admin-user/user.nix"
    "${self}/profiles/admin-user/home-manager.nix"
    "${self}/profiles/hardware/synology.nix"
    "${self}/profiles/disk/vm.nix"
    "${self}/profiles/server.nix"
    "${self}/profiles/git-server.nix"
  ];

  # Boot through systemd-boot on EFI; the installer is allowed to write
  # EFI variables.
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
  };

  networking = {
    hostName = "vm-synology";
    # mkDefault so another module can override DHCP without a conflict.
    useDHCP = lib.mkDefault true;
  };

  # wait-online's anyInterface setting follows the DHCP setting above.
  systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;

  # Home-manager setup for the admin user: minimal profile only.
  home-manager.users.${adminUser.name}.imports = [
    "${self}/users/profiles/minimal.nix"
  ];

  my.modules = {
    # One NAS volume, mounted at /data/backups with the admin user's uid.
    nas-client = {
      enable = true;
      volumes.data = {
        server = "192.168.1.68";
        remotePath = "backups";
        mountPoint = "/data/backups";
        inherit (adminUser) uid;
      };
    };

    # Backups: the repository password and the Google credentials are
    # handed over as paths to the decrypted secrets, not as literal values.
    backups = {
      enable = true;
      passwordFile = config.age.secrets.restic_password.path;
      remote = {
        googleProjectId = "fcuny-infra";
        googleCredentialsFile = config.age.secrets.restic_gcs_credentials.path;
      };
    };
  };

  # Account that accepts SSH logins from the two keys listed below.
  users.users.builder = {
    isNormalUser = true;
    group = "nogroup";
    openssh.authorizedKeys.keys = [
      # personal key
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
      # key used by the remote builder client
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
    ];
  };

  # NOTE(review): a Nix trusted user can override daemon settings and
  # import unsigned store paths; the Nix manual describes this as
  # essentially equivalent to root on this machine. Both keys above
  # therefore carry that level of access: keep the list minimal and
  # confirm the personal key is needed on this account. If the builder
  # only has to receive signed paths, a trusted-public-keys setup would
  # avoid trusting the user at all.
  nix.settings.trusted-users = [ "builder" ];

  # Release whose stateful-data defaults this install was created with.
  # Do not bump it as part of a routine upgrade; read the release notes
  # for the option first.
  system.stateVersion = "23.11";
}