adding a new VM for testing

Re-key all the secrets.

1 files changed, 47 insertions, 0 deletions

diff --git a/machines/test.nix b/machines/test.nix
new file mode 100644
index 0000000..3c6e138
--- /dev/null
+++ b/machines/test.nix
@@ -0,0 +1,47 @@
+{
+  adminUser,
+  lib,
+  config,
+  ...
+}:
+{
+  wgPublicKey = "c3z4rypRBn+kFj31I6Z90pjVjRYB8w5GCoq1tZP+4mc=";
+  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbwKdEY93hEVOx2DS4EMliiVTmsyxjqUG2stgCRMGwj";
+  ephemeralRoot = true;
+
+  age = {
+    identityPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
+    secrets = {
+      wireguard.file = ../secrets/test/wireguard.age;
+    };
+  };
+
+  imports = [
+    ../profiles/core-metrics.nix
+    ../profiles/defaults.nix
+    ../profiles/disk/btrfs-on-luks.nix
+    ../profiles/hardware/synology-vm.nix
+    ../profiles/home-manager.nix
+    ../profiles/remote-unlock.nix
+    ../profiles/server.nix
+    ../profiles/state.nix
+    ../profiles/users/admin-user.nix
+    ../profiles/users/home-manager.nix
+    ../profiles/wireguard.nix
+  ];
+
+  disko.devices.disk.disk1.device = "/dev/sda";
+
+  networking.hostName = "test";
+  networking.useDHCP = lib.mkDefault true;
+  systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
+
+  system.stateVersion = "25.11"; # Did you read the comment?
+
+  home-manager.users.${adminUser.name} = {
+    home.homeDirectory = "/home/${adminUser.name}";
+    imports = [
+      ../home/profiles/minimal.nix
+    ];
+  };
+}