From 0d82ac97c3140c8b5d85f61ce2a783ed8e4b0fb3 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 28 Nov 2025 09:49:19 -0800
Subject: the VM on the synology was reinstalled

All the secrets were re-keyed.
---
 machines/nixos/x86_64-linux/argonath.nix  |  6 ++++++
 machines/nixos/x86_64-linux/bree.nix      |  1 +
 machines/nixos/x86_64-linux/iso.nix       | 16 +++++++++-------
 machines/nixos/x86_64-linux/rivendell.nix |  7 +++++++
 4 files changed, 23 insertions(+), 7 deletions(-)

(limited to 'machines')

diff --git a/machines/nixos/x86_64-linux/argonath.nix b/machines/nixos/x86_64-linux/argonath.nix
index a67054a..218df5a 100644
--- a/machines/nixos/x86_64-linux/argonath.nix
+++ b/machines/nixos/x86_64-linux/argonath.nix
@@ -30,6 +30,12 @@
       listenPort = 51871;
       privateKeyFile = config.age.secrets.wireguard.path;
       peers = [
+        {
+          # bree
+          publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+          allowedIPs = [ "10.100.0.40/32" ];
+          persistentKeepalive = 25;
+        }
         {
           # rivendell
           publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
diff --git a/machines/nixos/x86_64-linux/bree.nix b/machines/nixos/x86_64-linux/bree.nix
index 7c8a661..7296077 100644
--- a/machines/nixos/x86_64-linux/bree.nix
+++ b/machines/nixos/x86_64-linux/bree.nix
@@ -9,6 +9,7 @@
     ../../../profiles/cgroups.nix
     ../../../profiles/defaults.nix
     ../../../profiles/disk/basic-vm.nix
+    ../../../profiles/hardware/synology-vm.nix
     ../../../profiles/home-manager.nix
     ../../../profiles/server.nix
   ];
diff --git a/machines/nixos/x86_64-linux/iso.nix b/machines/nixos/x86_64-linux/iso.nix
index e914571..89acbf7 100644
--- a/machines/nixos/x86_64-linux/iso.nix
+++ b/machines/nixos/x86_64-linux/iso.nix
@@ -4,18 +4,20 @@
   imports = [
     "${modulesPath}/installer/cd-dvd/channel.nix"
     "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
-    {
-      home-manager.users.${adminUser.name} = {
-        imports = [
-          { home.stateVersion = "25.05"; }
-        ];
-      };
-    }
+    ../../../profiles/home-manager.nix
   ];
 
   boot.loader.grub.efiSupport = true;
   boot.loader.grub.efiInstallAsRemovable = true;
   boot.loader.grub.device = "nodev";
 
+  home-manager = {
+    users.${adminUser.name} = {
+      imports = [
+        ../../../home/profiles/minimal.nix
+      ];
+    };
+  };
+
   system.stateVersion = "25.05"; # Did you read the comment?
 }
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index 8e8ab20..bd7d01b 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -53,6 +53,13 @@
       listenPort = 51871;
       privateKeyFile = config.age.secrets.wireguard.path;
       peers = [
+        {
+          # bree
+          publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+          allowedIPs = [ "10.100.0.40/32" ];
+          persistentKeepalive = 25;
+          endpoint = "192.168.1.50:51871";
+        }
         {
           # argonath
           publicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
-- 
cgit v1.2.3