blob: 1560ce62ee9d6c992a6f2788ffe125257c8c3037 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
{
adminUser,
lib,
config,
...
}:
{
wgPublicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFM4wZaYwz8kuu6lNrdrN6QOyouGQ0v1ye+Iwh1jawNi";
age.secrets = {
wireguard.file = ../secrets/bree/wireguard.age;
disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age;
disk-passphrase.file = ../secrets/bree/disk-passphrase.age;
};
imports = [
../profiles/core-metrics.nix
../profiles/defaults.nix
../profiles/disk/basic-vm.nix
../profiles/hardware/synology-vm.nix
../profiles/home-manager.nix
../profiles/server.nix
../profiles/users/admin-user.nix
../profiles/users/home-manager.nix
../profiles/wireguard.nix
];
networking.hostName = "bree";
networking.useDHCP = lib.mkDefault true;
systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
services.remoteDiskUnlock = {
enable = true;
hosts = [
"192.168.1.114"
];
sshKeyPath = config.age.secrets.disk-unlock-key.path;
passphrasePath = config.age.secrets.disk-passphrase.path;
};
system.stateVersion = "23.11"; # Did you read the comment?
home-manager.users.${adminUser.name} = {
home.homeDirectory = "/home/${adminUser.name}";
imports = [
../home/profiles/minimal.nix
];
};
}
|
