| author | Franck Cuny <franck@fcuny.net> | 2025-08-12 09:35:09 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-12 09:35:09 -0700 |
| commit | 574137b8aeb0de239a083a61c285dfc0345e05b3 (patch) | |
| tree | ab5b88c13b981634942ee9d164e12633715ae0c0 /machines/nixos/x86_64-linux/vm-synology.nix | |
| parent | users -> home (diff) | |
| download | infra-574137b8aeb0de239a083a61c285dfc0345e05b3.tar.gz | |
move each machine configuration to a folder
This will give me a bit more flexibility to configure things per machine
in the future.
Diffstat (limited to 'machines/nixos/x86_64-linux/vm-synology.nix')
| -rw-r--r-- | machines/nixos/x86_64-linux/vm-synology.nix | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/machines/nixos/x86_64-linux/vm-synology.nix b/machines/nixos/x86_64-linux/vm-synology.nix
deleted file mode 100644
index 05d4d8c..0000000
--- a/machines/nixos/x86_64-linux/vm-synology.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{
- lib,
- adminUser,
- config,
- self,
- ...
-}:
-{
- age = {
- secrets = {
- restic_gcs_credentials = {
- file = "${self}/secrets/restic_gcs_credentials.age";
- };
- restic_password = {
- file = "${self}/secrets/restic_password.age";
- };
- cloudflared-tunnel = {
- file = "${self}/secrets/cloudflared_cragmont.age";
- };
- cloudflared-cert = {
- file = "${self}/secrets/cloudflared_cert.age";
- };
- nas_client_credentials = {
- file = "${self}/secrets/nas_client.age";
- };
- wireguard = {
- file = "${self}/secrets/vm-synology/wireguard.age";
- };
- };
- };
-
- imports = [
- "${self}/profiles/home-manager.nix"
- "${self}/profiles/admin-user/user.nix"
- "${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/hardware/synology.nix"
- "${self}/profiles/disk/vm.nix"
- "${self}/profiles/server.nix"
- "${self}/profiles/git-server.nix"
- ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.systemd-boot.enable = true;
-
- networking.hostName = "vm-synology";
- networking.useDHCP = lib.mkDefault true;
- systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
-
- home-manager.users.${adminUser.name} = {
- imports = [
- "${self}/home/profiles/minimal.nix"
- ];
- };
-
- my.modules.nas-client = {
- enable = true;
- volumes = {
- data = {
- server = "192.168.1.68";
- remotePath = "backups";
- mountPoint = "/data/backups";
- uid = adminUser.uid;
- };
- };
- };
-
- my.modules.backups = {
- enable = true;
- passwordFile = config.age.secrets.restic_password.path;
- remote = {
- googleProjectId = "fcuny-infra";
- googleCredentialsFile = config.age.secrets.restic_gcs_credentials.path;
- };
- };
-
- users.users.builder = {
- openssh.authorizedKeys.keys = [
- # my personal key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- # remote builder ssh key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
- ];
- isNormalUser = true;
- group = "nogroup";
- };
-
- nix.settings.trusted-users = [ "builder" ];
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.40/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- publicKey = "I+l/sWtfXcdunz2nZ05rlDexGew30ZuDxL0DVTTK318=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "165.232.158.110:51871";
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- system.stateVersion = "23.11"; # Did you read the comment?
-} |
