# NixOS host module for the machine named "vm-synology".
#
# Arguments:
#   adminUser - attribute set; this file reads its `name` and `uid`.
#   config    - the evaluated system configuration, used here only to look up
#               the paths of the decrypted age secrets.
#   self      - root of the repository/flake; every profile and secret file
#               below is addressed relative to it.
{
  adminUser,
  config,
  self,
  ...
}:
{
  imports = [
    "${self}/profiles/home-manager.nix"
    "${self}/profiles/admin-user/user.nix"
    "${self}/profiles/admin-user/home-manager.nix"
    "${self}/profiles/hardware/synology.nix"
    "${self}/profiles/disk/vm.nix"
    "${self}/profiles/server.nix"
    "${self}/profiles/git-server.nix"
  ];

  networking.hostName = "vm-synology";

  # Only the EFI-variable permission is set in this file. The boot loader
  # itself (the original comment mentions systemd-boot) is not enabled here;
  # presumably one of the imported profiles does that. TODO confirm.
  boot.loader.efi.canTouchEfiVariables = true;

  # Encrypted secrets. Only the .age files are named here; consumers below
  # receive the path of the decrypted file via config.age.secrets.<name>.path,
  # so no plaintext secret value appears in this module.
  age.secrets = {
    restic_gcs_credentials.file = "${self}/secrets/restic_gcs_credentials.age";
    restic_password.file = "${self}/secrets/restic_password.age";
    cloudflared-tunnel.file = "${self}/secrets/cloudflared_cragmont.age";
    cloudflared-cert.file = "${self}/secrets/cloudflared_cert.age";
    # Not referenced anywhere else in this file; presumably read by the
    # nas-client module. Verify against that module.
    nas_client_credentials.file = "${self}/secrets/nas_client.age";
  };

  home-manager.users.${adminUser.name}.imports = [
    "${self}/users/profiles/minimal.nix"
  ];

  # Cloudflare tunnel "cragmont": the hostname git.fcuny.net is forwarded to
  # the SSH daemon on the loopback interface; any other request gets a 404.
  # NOTE(review): this makes local sshd reachable through the tunnel hostname.
  # sshd hardening (key-only authentication, allowed users) and any access
  # policy on the Cloudflare side are not visible in this file. Confirm they
  # are set in the imported profiles or the tunnel configuration.
  services.cloudflared = {
    enable = true;
    certificateFile = config.age.secrets.cloudflared-cert.path;
    tunnels.cragmont = {
      credentialsFile = config.age.secrets.cloudflared-tunnel.path;
      default = "http_status:404";
      ingress."git.fcuny.net".service = "ssh://127.0.0.1:22";
    };
  };

  my.modules = {
    # Project-local module; the exact mount semantics live in its definition.
    # This file supplies the server address, the remote path, the local mount
    # point and the admin user's uid.
    nas-client = {
      enable = true;
      volumes.data = {
        server = "192.168.1.68";
        remotePath = "backups";
        mountPoint = "/data/backups";
        uid = adminUser.uid;
      };
    };

    # Project-local backup module (restic with a Google Cloud remote, judging
    # by the secret names). Both credentials are handed over as file paths
    # from the age secrets declared above.
    backups = {
      enable = true;
      passwordFile = config.age.secrets.restic_password.path;
      remote = {
        googleProjectId = "fcuny-infra";
        googleCredentialsFile = config.age.secrets.restic_gcs_credentials.path;
      };
    };
  };

  # Account "builder": a normal user in group "nogroup" that can log in with
  # the single SSH key below.
  users.users.builder = {
    isNormalUser = true;
    group = "nogroup";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
    ];
  };

  # NOTE(review): membership in trusted-users lets an account override Nix
  # daemon settings and import unsigned store paths, which the Nix manual
  # describes as essentially equivalent to root access. The holder of the
  # private half of the key above should therefore be treated as having a
  # root credential on this host. If "builder" exists only for remote builds
  # (not stated here; confirm), check whether the trusted status is actually
  # required, and keep the key's owner and rotation procedure documented.
  nix.settings.trusted-users = [ "builder" ];

  # Records the NixOS release this host was first installed with. Do not bump
  # it as part of a routine upgrade; read the release notes and the option's
  # documentation first.
  system.stateVersion = "23.11";
}