| author | Franck Cuny <franck@fcuny.net> | 2025-07-21 07:31:45 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-07-21 08:13:11 -0700 |
| commit | 23f8df7396d35744069a4bda0d1d38a55ff64b79 (patch) | |
| tree | 772b5e72355e9ee5b3ae31aef37fe1d4508e8f30 /nix/machines/nixos | |
| parent | add docker helpers and clean up some dependencies (diff) | |
| download | infra-23f8df7396d35744069a4bda0d1d38a55ff64b79.tar.gz | |
refactoring to use flake-parts and automatic imports of hosts
This is the first step in a large refactoring to use flake-parts, and to
automatically import hosts based on paths.
Diffstat (limited to 'nix/machines/nixos')
| -rw-r--r-- | nix/machines/nixos/x86_64-linux/vm-synology.nix | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/nix/machines/nixos/x86_64-linux/vm-synology.nix b/nix/machines/nixos/x86_64-linux/vm-synology.nix
new file mode 100644
index 0000000..02030fc
--- /dev/null
+++ b/nix/machines/nixos/x86_64-linux/vm-synology.nix
@@ -0,0 +1,67 @@
+{ self, pkgs, ... }:
+{
+ age = {
+ secrets = {
+ restic_gcs_credentials = {
+ file = "${self}/secrets/restic_gcs_credentials.age";
+ };
+ restic_password = {
+ file = "${self}/secrets/restic_password.age";
+ };
+ cloudflared-tunnel = {
+ file = "${self}/secrets/cloudflared_cragmont.age";
+ };
+ cloudflared-cert = {
+ file = "${self}/secrets/cloudflared_cert.age";
+ };
+ };
+ };
+
+ imports = [
+ "${self}/nix/profiles/git-server.nix"
+ "${self}/nix/profiles/hardware/synology.nix"
+ "${self}/nix/profiles/disk/vm.nix"
+ "${self}/nix/profiles/server.nix"
+ # ./backups.nix
+ # ./ingress.nix
+ # ./nginx.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.efi.canTouchEfiVariables = true;
+ networking.hostName = "vm-synology";
+
+ nix = {
+ package = pkgs.nixVersions.latest;
+ settings = {
+ trusted-users = [
+ "@admin"
+ "fcuny"
+ ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.mutableUsers = false;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = true;
+ services.openssh.settings.PermitRootLogin = "no";
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+} |
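Review bot: `services.openssh.settings.PasswordAuthentication = true;` leaves this host's sshd open to password guessing, and nothing in the hunk limits it. Keys are already managed declaratively, so I would set `services.openssh.settings.PasswordAuthentication = false;` and, unless an imported profile already does it, `services.openssh.settings.KbdInteractiveAuthentication = false;`, so that only key logins are accepted. The root `authorizedKeys` entry just below contradicts `PermitRootLogin = "no"`: sshd will refuse root regardless of the key, so either drop the key or, if root key login is intended, use `"prohibit-password"`. Separately, members of `trusted-users` can effectively act as root through the Nix daemon, so a comment such as `# trusted-users are root-equivalent; keep this list minimal` above that list would help. The `@admin` and `fcuny` accounts are presumably defined in one of the imported profiles, which is not visible here.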
