{ config, pkgs, lib, self, ... }: with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { imports = [ ./configuration.nix ]; config = { hardware.cpu.intel.updateMicrocode = true; pub-solar.core.disk-encryption-active = false; security.sudo.extraRules = [ { users = [ "${psCfg.user.name}" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; } ]; services.openssh.knownHosts = { "cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW"; }; systemd.user.services.ssh-tunnel-cloud-pub-solar = { unitConfig = { Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host"; After = [ "network.target" ]; }; serviceConfig = { Type = "simple"; ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar"; Restart = "always"; RestartSec = "5s"; }; wantedBy = [ "default.target" ]; }; services.ddclient = { enable = true; ipv6 = true; domains = [ "backup.b12f.io" ]; server = "ddns.hosting.de"; username = "b12f"; use = "web, web=http://checkip6.spdyn.de/, web-skip=''"; passwordFile = "/run/agenix/dyndns-droppie.key"; }; age.secrets."dyndns-droppie.key" = { file = "${self}/secrets/dyndns-droppie.key"; mode = "400"; owner = psCfg.user.name; }; }; }