| author | Franck Cuny <franck@fcuny.net> | 2025-08-12 12:30:50 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-12 12:30:50 -0700 |
| commit | 943a922322258883e6fc6d29b35515746bef6917 (patch) | |
| tree | cf7372b04057462bc76dad38b19ef42edf89fdd6 /machines/nixos/x86_64-linux | |
| parent | delete unused package (diff) | |
| download | infra-943a922322258883e6fc6d29b35515746bef6917.tar.gz | |
move secrets to their own files and delete unused profile
Diffstat (limited to 'machines/nixos/x86_64-linux')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/default.nix | 24 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/secrets.nix | 10 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/default.nix | 41 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/home.nix | 6 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/secrets.nix | 26 |
5 files changed, 62 insertions, 45 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
index 7281b81..a2e0728 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy/default.nix
@@ -7,18 +7,20 @@ ... }: { - age = { - secrets = { - wireguard = { - file = "${self}/secrets/do/wireguard.age"; - }; - }; - }; imports = [ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/virtualisation/digital-ocean-config.nix") ./disks.nix + ./secrets.nix + { + home-manager.users.${adminUser.name} = { + imports = [ + ./home.nix + { home.stateVersion = "25.05"; } + ]; + }; + } "${self}/profiles/programs/home-manager.nix" "${self}/profiles/admin-user/user.nix" "${self}/profiles/admin-user/home-manager.nix"
@@ -41,19 +43,13 @@ # do not use DHCP, as DigitalOcean provisions IPs using cloud-init networking.useDHCP = lib.mkForce false; - networking.hostName = "do-jump"; + networking.hostName = "do-rproxy"; boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; }; - home-manager.users.${adminUser.name} = { - imports = [ - "${self}/home/profiles/minimal.nix" - ]; - }; - # this one seems to always be broken systemd.services.growpart.enable = false;
diff --git a/machines/nixos/x86_64-linux/do-rproxy/secrets.nix b/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
new file mode 100644
index 0000000..9116a9f
--- /dev/null
+++ b/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
@@ -0,0 +1,10 @@
+{ self, ... }:
+{
+ age = {
+ secrets = {
+ wireguard = {
+ file = "${self}/secrets/do/wireguard.age";
+ };
+ };
+ };
+}
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
index 398b374..9fc638b 100644
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ b/machines/nixos/x86_64-linux/synology-vm/default.nix
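Review bot: In the first hunk of do-rproxy/default.nix the new inline module imports `./home.nix`, but the diffstat adds a `home.nix` only under synology-vm, so this import resolves only if do-rproxy/home.nix already exists in the tree; otherwise evaluating this host fails. The same inline module, including the hard-coded `home.stateVersion = "25.05";`, is repeated verbatim in the first hunk of synology-vm/default.nix, so the value could be set once in each host's home.nix or in a shared profile instead. Both hunks start inside the module's argument list, so the full imports list is not visible here.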
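Review bot: The new do-rproxy/secrets.nix declares `age.secrets.wireguard` with only `file`, so ownership and mode fall back to the agenix defaults and nothing in the file says which unit reads the decrypted key. Since the commit gives secrets their own file, a header comment would make that file auditable on its own, for example `# agenix secrets for do-rproxy; wireguard: key material for the WireGuard interface, read as root`, adjusted to the actual consumer. The same applies to synology-vm/secrets.nix, where explicit `owner` and `mode` attributes are worth adding for any secret that a non-root service reads.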
@@ -6,32 +6,18 @@ ... }: { - age = { - secrets = { - restic_gcs_credentials = { - file = "${self}/secrets/restic_gcs_credentials.age"; - }; - restic_password = { - file = "${self}/secrets/restic_password.age"; - }; - cloudflared-tunnel = { - file = "${self}/secrets/cloudflared_cragmont.age"; - }; - cloudflared-cert = { - file = "${self}/secrets/cloudflared_cert.age"; - }; - nas_client_credentials = { - file = "${self}/secrets/nas_client.age"; - }; - wireguard = { - file = "${self}/secrets/vm-synology/wireguard.age"; - }; - }; - }; - imports = [ ./disks.nix ./hardware.nix + ./secrets.nix + { + home-manager.users.${adminUser.name} = { + imports = [ + ./home.nix + { home.stateVersion = "25.05"; } + ]; + }; + } "${self}/profiles/programs/home-manager.nix" "${self}/profiles/admin-user/user.nix" "${self}/profiles/admin-user/home-manager.nix"
@@ -52,20 +38,13 @@ ./profiles/git-server.nix ]; - # Use the systemd-boot EFI boot loader. boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot.enable = true; - networking.hostName = "vm-synology"; + networking.hostName = "synology-vm"; networking.useDHCP = lib.mkDefault true; systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP; - home-manager.users.${adminUser.name} = { - imports = [ - "${self}/home/profiles/minimal.nix" - ]; - }; - my.modules.nas-client = { enable = true; volumes = {
diff --git a/machines/nixos/x86_64-linux/synology-vm/home.nix b/machines/nixos/x86_64-linux/synology-vm/home.nix
new file mode 100644
index 0000000..8f0935e
--- /dev/null
+++ b/machines/nixos/x86_64-linux/synology-vm/home.nix
@@ -0,0 +1,6 @@
+{ self, ... }:
+{
+ imports = [
+ "${self}/home/programs/bat.nix"
+ ];
+}
diff --git a/machines/nixos/x86_64-linux/synology-vm/secrets.nix b/machines/nixos/x86_64-linux/synology-vm/secrets.nix
new file mode 100644
index 0000000..1b927ae
--- /dev/null
+++ b/machines/nixos/x86_64-linux/synology-vm/secrets.nix
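Review bot: The second hunk of synology-vm/default.nix renames the host from `vm-synology` to `synology-vm`, and the second hunk of do-rproxy/default.nix renames `do-jump` to `do-rproxy`, neither of which the commit message mentions. Anything keyed on the hostname needs checking before deploy; the restic secrets declared for this machine suggest backups run here, and restic records the hostname in each snapshot, so host-based retention or restore filters would presumably treat the renamed machine as a new host. A line in the commit message, or a comment next to `networking.hostName` such as `# renamed from vm-synology`, would help whoever next looks at old snapshots or logs. The hunk ends inside `my.modules.nas-client`, so the rest of that block is not visible.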
@@ -0,0 +1,26 @@
+{ self, ... }:
+{
+ age = {
+ secrets = {
+ restic_gcs_credentials = {
+ file = "${self}/secrets/restic_gcs_credentials.age";
+ };
+ restic_password = {
+ file = "${self}/secrets/restic_password.age";
+ };
+ cloudflared-tunnel = {
+ file = "${self}/secrets/cloudflared_cragmont.age";
+ };
+ cloudflared-cert = {
+ file = "${self}/secrets/cloudflared_cert.age";
+ };
+ nas_client_credentials = {
+ file = "${self}/secrets/nas_client.age";
+ };
+ wireguard = {
+ file = "${self}/secrets/vm-synology/wireguard.age";
+ };
+ };
+ };
+
+} |
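Review bot: The wireguard entry in synology-vm/secrets.nix still points at `"${self}/secrets/vm-synology/wireguard.age"`, while the machine directory and, after this commit, the hostname are `synology-vm`; the other five secrets sit directly under `secrets/`. If that directory is renamed later to match, the agenix recipient rule for the path presumably has to move with it, or the host can no longer decrypt the file. A comment on the entry such as `# path keeps the old host name vm-synology` would flag this. The empty line before the closing `}` can be dropped.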
