path: root/machines/nixos/x86_64-linux/vm-synology.nix
# NixOS host definition for the "vm-synology" virtual machine.
#
# Arguments:
#   self      - root of this repository (presumably the flake's `self` — confirm);
#               used to build paths to shared profiles and encrypted secrets.
#   config    - the evaluated system configuration; read here only to obtain
#               the runtime paths of the age secrets declared below.
#   adminUser - attrset describing the admin account; only `name` and `uid`
#               are read in this file.
{
  self,
  config,
  adminUser,
  ...
}:
{
  networking.hostName = "vm-synology";

  # Lets the boot loader installer write EFI variables. No boot loader is
  # selected in this file; presumably an imported profile enables
  # systemd-boot — confirm.
  boot.loader.efi.canTouchEfiVariables = true;

  # Release whose stateful defaults this host was installed with. It is a
  # compatibility pin, not the running version; do not bump it as part of a
  # routine upgrade.
  system.stateVersion = "23.11";

  # Shared profiles. List order is kept as in the original definition.
  imports = [
    "${self}/profiles/home-manager.nix"
    "${self}/profiles/admin-user/user.nix"
    "${self}/profiles/admin-user/home-manager.nix"
    "${self}/profiles/hardware/synology.nix"
    "${self}/profiles/disk/vm.nix"
    "${self}/profiles/server.nix"
    "${self}/profiles/git-server.nix"
  ];

  # Secrets are referenced as age-encrypted files from the repository, so the
  # repository holds ciphertext only. Consumers below take
  # config.age.secrets.<name>.path instead of an inline value, which keeps the
  # plaintext out of this file. NOTE(review): whether plaintext also stays
  # out of the Nix store depends on the age module in use — confirm.
  age.secrets = {
    restic_gcs_credentials.file = "${self}/secrets/restic_gcs_credentials.age";
    restic_password.file = "${self}/secrets/restic_password.age";
    cloudflared-tunnel.file = "${self}/secrets/cloudflared_cragmont.age";
    cloudflared-cert.file = "${self}/secrets/cloudflared_cert.age";
    # NOTE(review): declared but not referenced anywhere in this file;
    # presumably read by the nas-client module — confirm, or drop it so the
    # host is not handed a credential it does not need.
    nas_client_credentials.file = "${self}/secrets/nas_client.age";
  };

  # Minimal home-manager profile for the admin account.
  home-manager.users.${adminUser.name}.imports = [
    ../../../users/profiles/minimal.nix
  ];

  # Cloudflare Tunnel "cragmont": requests for git.fcuny.net are forwarded to
  # the SSH daemon on the loopback interface; anything that matches no
  # ingress rule is answered with HTTP 404.
  # NOTE(review): the tunnel makes sshd reachable from outside without an
  # inbound firewall port, so sshd's own settings (key-only authentication,
  # allowed users) and any access policy on the Cloudflare side are the
  # effective perimeter. Neither is visible in this file — verify them in
  # the imported server / git-server profiles.
  services.cloudflared = {
    enable = true;
    certificateFile = config.age.secrets.cloudflared-cert.path;
    tunnels.cragmont = {
      credentialsFile = config.age.secrets.cloudflared-tunnel.path;
      default = "http_status:404";
      ingress."git.fcuny.net".service = "ssh://127.0.0.1:22";
    };
  };

  my.modules = {
    # Mounts the "backups" export of the NAS at /data/backups and passes the
    # admin user's uid to the module (presumably as the mount owner — confirm
    # in the nas-client module).
    nas-client = {
      enable = true;
      volumes.data = {
        server = "192.168.1.68";
        remotePath = "backups";
        mountPoint = "/data/backups";
        uid = adminUser.uid;
      };
    };

    # Backups to a remote in the Google project "fcuny-infra" (restic, going
    # by the secret names). Both the repository password and the cloud
    # credentials are supplied as file paths rather than inline values.
    # NOTE(review): the scope of the GCS credential is not visible here;
    # confirm it is limited to the backup bucket.
    backups = {
      enable = true;
      passwordFile = config.age.secrets.restic_password.path;
      remote = {
        googleProjectId = "fcuny-infra";
        googleCredentialsFile = config.age.secrets.restic_gcs_credentials.path;
      };
    };
  };
}