# NixOS module for the host "vm-synology".
#
# Arguments:
#   adminUser - attrset describing the admin account (only .name and .uid are read here)
#   config    - the evaluated system configuration (used to resolve decrypted secret paths)
#   self      - root of this repository/flake (used to build profile and secret paths)
{ adminUser, config, self, ... }:
let
  # Shorthand for the decrypted-secret handles declared under age.secrets below.
  secrets = config.age.secrets;
in
{
  # Profiles and hardware definitions composed into this host.
  imports = [
    "${self}/profiles/home-manager.nix"
    "${self}/profiles/admin-user/user.nix"
    "${self}/profiles/admin-user/home-manager.nix"
    "${self}/profiles/hardware/synology.nix"
    "${self}/profiles/disk/vm.nix"
    "${self}/profiles/server.nix"
    "${self}/profiles/git-server.nix"
  ];

  # Encrypted secret files kept in the repository; each one is referenced
  # elsewhere through config.age.secrets.<name>.path, so only ciphertext is
  # named in this file.
  age.secrets = {
    restic_gcs_credentials.file = "${self}/secrets/restic_gcs_credentials.age";
    restic_password.file = "${self}/secrets/restic_password.age";
    cloudflared-tunnel.file = "${self}/secrets/cloudflared_cragmont.age";
    cloudflared-cert.file = "${self}/secrets/cloudflared_cert.age";
    # Not referenced in this file; presumably consumed by the nas-client
    # module -- TODO confirm.
    nas_client_credentials.file = "${self}/secrets/nas_client.age";
  };

  # Let the boot loader installer write EFI variables. The boot loader itself
  # is not selected here (presumably in one of the imported profiles).
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "vm-synology";

  home-manager.users.${adminUser.name}.imports = [
    "${self}/users/profiles/minimal.nix"
  ];

  # Cloudflare tunnel "cragmont": git.fcuny.net is forwarded to the local
  # sshd, every other hostname gets the 404 default.
  # NOTE(review): this makes sshd reachable through the tunnel. The sshd
  # authentication settings are not visible in this file -- confirm that the
  # imported profiles restrict it to key-based logins.
  services.cloudflared = {
    enable = true;
    certificateFile = secrets.cloudflared-cert.path;
    tunnels."cragmont" = {
      credentialsFile = secrets.cloudflared-tunnel.path;
      default = "http_status:404";
      ingress."git.fcuny.net".service = "ssh://127.0.0.1:22";
    };
  };

  # Mount the NAS "backups" share at /data/backups, owned by the admin user.
  my.modules.nas-client = {
    enable = true;
    volumes.data = {
      server = "192.168.1.68";
      remotePath = "backups";
      mountPoint = "/data/backups";
      uid = adminUser.uid;
    };
  };

  # Restic backups; the repository password and the GCS credentials both come
  # from decrypted age secrets rather than from literals in this file.
  my.modules.backups = {
    enable = true;
    passwordFile = secrets.restic_password.path;
    remote = {
      googleProjectId = "fcuny-infra";
      googleCredentialsFile = secrets.restic_gcs_credentials.path;
    };
  };

  # Account that accepts remote Nix builds over SSH.
  users.users.builder = {
    isNormalUser = true;
    group = "nogroup";
    openssh.authorizedKeys.keys = [
      # my personal key
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
      # remote builder ssh key
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
    ];
  };

  # NOTE(review): a trusted Nix user can override daemon settings and import
  # unsigned store paths, which the Nix manual describes as essentially
  # root-equivalent. Every key authorised for "builder" above, the personal
  # key included, inherits that privilege -- keep the key list minimal.
  nix.settings.trusted-users = [ "builder" ];

  # Release whose stateful-data defaults this system was installed with; read
  # the stateVersion documentation before ever changing it.
  system.stateVersion = "23.11";
}