blob: 0dfbc14a5be164bc69a8018c81e2178cf39c782b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
{
adminUser,
config,
self,
...
}:
{
age = {
secrets = {
restic_gcs_credentials = {
file = "${self}/secrets/restic_gcs_credentials.age";
};
restic_password = {
file = "${self}/secrets/restic_password.age";
};
cloudflared-tunnel = {
file = "${self}/secrets/cloudflared_cragmont.age";
};
cloudflared-cert = {
file = "${self}/secrets/cloudflared_cert.age";
};
nas_client_credentials = {
file = "${self}/secrets/nas_client.age";
};
};
};
imports = [
"${self}/profiles/home-manager.nix"
"${self}/profiles/admin-user/user.nix"
"${self}/profiles/admin-user/home-manager.nix"
"${self}/profiles/hardware/synology.nix"
"${self}/profiles/disk/vm.nix"
"${self}/profiles/server.nix"
"${self}/profiles/git-server.nix"
];
# Use the systemd-boot EFI boot loader.
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "vm-synology";
home-manager.users.${adminUser.name} = {
imports = [
../../../users/profiles/minimal.nix
];
};
services.cloudflared = {
enable = true;
certificateFile = config.age.secrets.cloudflared-cert.path;
tunnels = {
"cragmont" = {
credentialsFile = config.age.secrets.cloudflared-tunnel.path;
default = "http_status:404";
ingress = {
"git.fcuny.net".service = "ssh://127.0.0.1:22";
};
};
};
};
my.modules.nas-client = {
enable = true;
volumes = {
data = {
server = "192.168.1.68";
remotePath = "backups";
mountPoint = "/data/backups";
uid = adminUser.uid;
};
};
};
system.stateVersion = "23.11"; # Did you read the comment?
}
|
