From 74f72089369dcddc2837e38735a0848f5b876506 Mon Sep 17 00:00:00 2001 
From: Ingolf Wagner
Date: Sat, 19 Oct 2024 16:24:26 +0900
Subject: [PATCH] :fire: delete cream
---
 components/network/nginx.nix | 2 +-
 components/network/syncthing.nix | 12 +-
 components/network/tinc/private.nix | 10 +-
 components/network/tinc/secret.nix | 24 +--
 flake.nix | 22 ---
 machines/cream/configuration.nix | 137 ------------------
 machines/cream/facts/ssh.id_ed25519.pub | 1 -
 .../cream/facts/ssh.jobrad.id_ed25519.pub | 1 -
 machines/cream/facts/syncthing.pub | 1 -
 .../cream/facts/tinc.private.ed25519_key.pub | 1 -
 machines/cream/facts/tinc.private.rsa_key.pub | 13 --
 .../cream/facts/tinc.retiolum.ed25519_key.pub | 1 -
 .../cream/facts/tinc.retiolum.rsa_key.pub | 13 --
 .../cream/facts/tinc.secret.ed25519_key.pub | 1 -
 machines/cream/facts/tinc.secret.rsa_key.pub | 13 --
 machines/cream/facts/wireguard.wg0.cidr | 1 -
 machines/cream/facts/wireguard.wg0.ip | 1 -
 machines/cream/facts/wireguard.wg0.pub | 1 -
 machines/cream/facts/zerotier-ip | 1 -
 machines/cream/hardware-configuration.nix | 75 ----------
 machines/cream/network-tinc.nix | 10 --
 machines/cream/network-tinc_retiolum.nix | 29 ----
 machines/cream/network-wireguard-wg0.nix | 38 -----
 machines/cream/network-wireguard-wg1.nix | 27 ----
 machines/cream/proxy.nix | 69 ---------
 machines/cream/syncthing.nix | 63 --------
 26 files changed, 24 insertions(+), 543 deletions(-)
 delete mode 100644 machines/cream/configuration.nix
 delete mode 100644 machines/cream/facts/ssh.id_ed25519.pub
 delete mode 100644 machines/cream/facts/ssh.jobrad.id_ed25519.pub
 delete mode 100644 machines/cream/facts/syncthing.pub
 delete mode 100644 machines/cream/facts/tinc.private.ed25519_key.pub
 delete mode 100644 machines/cream/facts/tinc.private.rsa_key.pub
 delete mode 100644 machines/cream/facts/tinc.retiolum.ed25519_key.pub
 delete mode 100644 machines/cream/facts/tinc.retiolum.rsa_key.pub
 delete mode 100644 machines/cream/facts/tinc.secret.ed25519_key.pub
 delete mode 100644 machines/cream/facts/tinc.secret.rsa_key.pub
 delete mode 100644 machines/cream/facts/wireguard.wg0.cidr
 delete mode 100644 machines/cream/facts/wireguard.wg0.ip
 delete mode 100644 machines/cream/facts/wireguard.wg0.pub
 delete mode 100644 machines/cream/facts/zerotier-ip
 delete mode 100644 machines/cream/hardware-configuration.nix
 delete mode 100644 machines/cream/network-tinc.nix
 delete mode 100644 machines/cream/network-tinc_retiolum.nix
 delete mode 100644 machines/cream/network-wireguard-wg0.nix
 delete mode 100644 machines/cream/network-wireguard-wg1.nix
 delete mode 100644 machines/cream/proxy.nix
 delete mode 100644 machines/cream/syncthing.nix
diff --git a/components/network/nginx.nix b/components/network/nginx.nix
index 7fe00a8..6afae18 100644
--- a/components/network/nginx.nix
+++ b/components/network/nginx.nix
@@ -175,7 +175,7 @@ with lib;
 ];
 })
 (entry { machine = "cherry"; })
- (entry { machine = "cream"; })
+ #(entry { machine = "cream"; })
 (entry { machine = "mobi"; })
 (entry { machine = "bobi"; })
 {
diff --git a/components/network/syncthing.nix b/components/network/syncthing.nix
index 6bae2d3..0818d56 100644
--- a/components/network/syncthing.nix
+++ b/components/network/syncthing.nix
@@ -61,7 +61,7 @@ with lib;
 path = lib.mkDefault "/tmp/books";
 devices = [
 "chungus"
- "cream"
+ # "cream"
 "cherry"
 ];
 versioning = {
@@ -74,7 +74,7 @@ with lib;
 path = lib.mkDefault "/tmp/desktop";
 devices = [
 "chungus"
- "cream"
+ # "cream"
 "cherry"
 ];
 };
@@ -83,7 +83,7 @@ with lib;
 path = lib.mkDefault "/tmp/finance";
 devices = [
 "chungus"
- "cream"
+ # "cream"
 "cherry"
 ];
 versioning = {
@@ -122,7 +122,7 @@ with lib;
 path = lib.mkDefault "/tmp/oscar_cpap";
 devices = [
 "chungus"
- "cream"
+ # "cream"
 "cherry"
 ];
 };
@@ -131,7 +131,7 @@ with lib;
 path = lib.mkDefault "/tmp/password-store";
 devices = [
 "chungus"
- "cream"
+ # "cream"
 "cherry"
 ];
 versioning = {
@@ -144,7 +144,7 @@ with lib;
 enable = lib.mkDefault false;
 path = lib.mkDefault "/tmp/password-store";
 devices = [
- "cream"
+ # "cream"
 "cherry"
 "orbi"
 ];
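Review bot: The decommissioned machine is commented out rather than removed, first as `#(entry { machine = "cream"; })` in the nginx.nix hunk and then as `# "cream"` in all six `devices` lists of syncthing.nix; the tinc/private.nix and tinc/secret.nix hunks further down do the same. These lists decide which hosts get a proxy entry or receive a synced folder (including `password-store` and `finance`), so a dead entry that can be revived by deleting one `#` is worth avoiding. I would delete the lines outright, since the commit history already records that the machine existed. The enclosing lists start and end outside each hunk.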
diff --git a/components/network/tinc/private.nix b/components/network/tinc/private.nix
index ccf051a..e364418 100644
--- a/components/network/tinc/private.nix
+++ b/components/network/tinc/private.nix
@@ -14,7 +14,7 @@ let
 bobi = "10.23.42.25";
 cherry = "10.23.42.29";
 chungus = "10.23.42.28";
- cream = "10.23.42.27";
+ # cream = "10.23.42.27";
 mobi = "10.23.42.23";
 orbi = "10.23.42.100";
 };
@@ -67,10 +67,10 @@ in
 subnets = [ { address = hosts.bobi; } ];
 settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
 };
- cream = {
- subnets = [ { address = hosts.cream; } ];
- settings.Ed25519PublicKey = Ed25519PublicKey "cream";
- };
+ # cream = {
+ # subnets = [ { address = hosts.cream; } ];
+ # settings.Ed25519PublicKey = Ed25519PublicKey "cream";
+ # };
 cherry = {
 subnets = [ { address = hosts.cherry; } ];
 settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
diff --git a/components/network/tinc/secret.nix b/components/network/tinc/secret.nix
index d5e1c05..39e1383 100644
--- a/components/network/tinc/secret.nix
+++ b/components/network/tinc/secret.nix
@@ -12,7 +12,7 @@ let
 port = 721;
 hosts = {
 cherry = "10.123.42.29";
- cream = "10.123.42.27";
+ # cream = "10.123.42.27";
 robi = "10.123.42.123";
 sternchen = "10.123.42.25";
 sterni = "10.123.42.24";
@@ -35,10 +35,10 @@ in
 subnets = [ { address = hosts.sternchen; } ];
 settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
 };
- cream = {
- subnets = [ { address = hosts.cream; } ];
- settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
- };
+ # cream = {
+ # subnets = [ { address = hosts.cream; } ];
+ # settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
+ # };
 cherry = {
 subnets = [ { address = hosts.cherry; } ];
 settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
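Review bot: The commented-out `cream` block in tinc/secret.nix keeps a literal `Ed25519PublicKey` in the file that does not match the `machines/cream/facts/tinc.secret.ed25519_key.pub` value deleted later in this patch, so the comment preserves a key that already looks stale. In tinc/private.nix the commented block calls `Ed25519PublicKey "cream"`, a helper defined outside the hunk that presumably reads from the facts directory this commit removes. I would delete both host blocks and the `# cream = "10.23.42.27";` / `# cream = "10.123.42.27";` address lines instead of commenting them, so a peer cannot be restored later by uncommenting an old key. The same applies to the commented `"cream.${network}"` entry under `services.openssh.knownHosts` in the next hunk of secret.nix.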
@@ -80,13 +80,13 @@ in ); services.openssh.knownHosts = { - "cream.${network}" = { - hostNames = [ - "cream.${network}" - hosts.cream - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; - }; + # "cream.${network}" = { + # hostNames = [ + # "cream.${network}" + # hosts.cream + # ]; + # publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; + # }; "sternchen.${network}" = { hostNames = [ "sterni.${network}" diff --git a/flake.nix b/flake.nix index ec7df9e..82ae723 100644 --- a/flake.nix +++ b/flake.nix @@ -404,28 +404,6 @@ machines = { - cream = clanSetup { - name = "cream"; - host = "cream.bear"; - modules = [ - defaultAuthorizedKeys - zerotierModules - nixos-hardware.nixosModules.framework-12th-gen-intel - retiolum.nixosModules.retiolum - private-parts.nixosModules.cream - homeManagerModules - stylixModules - { home-manager.users.mainUser.gui.enable = true; } - { - home-manager.users.mainUser = import ./homes/palo; - home-manager.users.root = import ./homes/root; - } - { - clan.core.machineDescription = "Laptop"; - } - ]; - }; - cherry = clanSetup { name = "cherry"; host = "cherry.bear"; diff --git a/machines/cream/configuration.nix b/machines/cream/configuration.nix deleted file mode 100644 index 2b20325..0000000 --- a/machines/cream/configuration.nix +++ /dev/null 
@@ -1,137 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -{ - - imports = [ - - ./hardware-configuration.nix - - ./syncthing.nix - - ./network-tinc.nix - ./network-tinc_retiolum.nix - ./network-wireguard-wg0.nix - ./network-wireguard-wg1.nix - - ]; - - system.stateVersion = "22.11"; - - # Use the systemd-boot EFI boot loader, not grub - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) - - components.virtualisation.enable = true; - - components.gui.enable = true; - components.gui.xorg.enable = true; - components.gui.wayland.enable = false; - components.mainUser.enable = true; - components.media.enable = true; - components.media.tts-client.enable = false; - components.network.enable = true; - components.network.wifi.enable = true; - components.terminal.enable = true; - - telemetry.enable = true; - telemetry.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi - telemetry.prometheus.exporters.zfs.enable = false; - - home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ]; - home-manager.users.mainUser.bugwarrior.config = { - general = { - targets = [ - "terranix" - "my_github" - ]; - log_level = "INFO"; - static_fields = [ "priority" ]; - merge_annotations = false; - }; - terranix = { - service = "github"; - login = "mrVanDalo"; - token = "@oracle:eval:${pkgs.pass}/bin/pass development/github/mrVanDalo/bugwarriorAccessToken"; - username = "mrVanDalo"; - default_priority = ""; - description_template = "{{githubtitle}} {{githuburl}}"; - add_tags = "github"; - project_template = "terranix"; - involved_issues = true; - query = "org:terranix is:open"; - include_user_issues = false; - include_user_repos = false; - }; - my_github = { - service = "github"; - login = "mrVanDalo"; - token = "@oracle:eval:${pkgs.pass}/bin/pass development/github/mrVanDalo/bugwarriorAccessToken"; - username = "mrVanDalo"; - description_template = "{{githubtitle}} 
{{githuburl}}"; - add_tags = "github"; - include_user_issues = true; - include_user_repos = true; - exclude_repos = [ - "azubi" - "csv-to-qif" - "stepp0r" - ]; - }; - # todo : add github issues - }; - - users.users.mainUser.extraGroups = [ "pipewire" ]; - - services.nginx.enable = true; - - networking.hostName = "cream"; - - #services.flatpak.enable = true; - - # make sure battery is charged in a way to live for a long time - services.power-profiles-daemon.enable = false; - services.tlp = { - enable = true; - settings = { - CPU_BOOST_ON_BAT = 0; - CPU_SCALING_GOVERNOR_ON_BATTERY = "powersave"; - START_CHARGE_THRESH_BAT0 = 30; - STOP_CHARGE_THRESH_BAT0 = 85; - RUNTIME_PM_ON_BAT = "auto"; - }; - }; - - security.wrappers = { - pmount = { - source = "${pkgs.pmount}/bin/pmount"; - setuid = true; - owner = "root"; - group = "root"; - }; - pumount = { - source = "${pkgs.pmount}/bin/pumount"; - setuid = true; - owner = "root"; - group = "root"; - }; - }; - - services.printing.enable = true; - - samba-share = { - enable = false; - folders = { - share = "/home/share"; - video = "/home/video-material"; - }; - }; - - # for congress and streaming - hardware.graphics.enable = true; - -} diff --git a/machines/cream/facts/ssh.id_ed25519.pub b/machines/cream/facts/ssh.id_ed25519.pub deleted file mode 100644 index 7504a75..0000000 --- a/machines/cream/facts/ssh.id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPz1SRSthwDEmXZXcBMi0FZhqgZxF7i1lDcGT534Gy7 nixbld@cherry diff --git a/machines/cream/facts/ssh.jobrad.id_ed25519.pub b/machines/cream/facts/ssh.jobrad.id_ed25519.pub deleted file mode 100644 index 3f2d672..0000000 --- a/machines/cream/facts/ssh.jobrad.id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIArokGctZ2VLf92FhfE8pHzkx/bjz0/J1QjeaGgDSj1s ingolf.wagner@jobrad.org diff --git a/machines/cream/facts/syncthing.pub b/machines/cream/facts/syncthing.pub deleted file mode 100644 index f1ea7f6..0000000 
--- a/machines/cream/facts/syncthing.pub +++ /dev/null @@ -1 +0,0 @@ -VQSHJ6K-MUWCTPJ-LJINXBP-7O244YK-TIY3D5B-T6PU7BY-2NPWPXI-HO2Q5Q6 \ No newline at end of file diff --git a/machines/cream/facts/tinc.private.ed25519_key.pub b/machines/cream/facts/tinc.private.ed25519_key.pub deleted file mode 100644 index a76ca27..0000000 --- a/machines/cream/facts/tinc.private.ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -b8xU34/kYj3LxYfdrozDnpmXt25mLbYsnhUxgvFz2CG \ No newline at end of file diff --git a/machines/cream/facts/tinc.private.rsa_key.pub b/machines/cream/facts/tinc.private.rsa_key.pub deleted file mode 100644 index a8c8e09..0000000 --- a/machines/cream/facts/tinc.private.rsa_key.pub +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAqFNvj8lg1ET9rala1W7RSi+ObQoN8JoQ7fTZ63XBycDr3bEkubGk -vIbLFFsdhIiMrJG6eRr25EiKQxew6Pb4HwwqjCJugHzSELHgiWN93Dx5hgl+EXV2 -8EYQ3xWO+8ZH4PQsfUMqxBx553UMOiDZ0L4OE275z5XuLyDXnjXqv2WCU7qY57lt -MlJ3BFOhtWz7wl7fOu8rzalVuDLc/yp3KKhzLxr7lUUIHOZOT8EsoSAOiy+qUq6Q -K9JrHcTGP3FmBucY5bSyVQxbX75tLqBiadTvlcx4n0mHTbCyHjC2tIHmN2MtUhsS -Qw4uITn7NTd/c9H89Le2Z3Z01sRNEo1eZ3ru0JlYqUEL0sE2lAtPJWRgRePEzCWs -s8GN6LFrAvl8T/FmW6XFzxGBViOhFqP61HO17KhALwl5kVXpUMFKxbn1/ZXP5Ono -+h/Aaph56D/EZAFVvAPR7xx/Cp+cjOvKaKLgnZ5vG3VrjmbL9KkDtHiiiHcKC/Z8 -OrOirkxalJJd2bMYpIUO/7TYEUCQzni3ollYae3myFuwRIeiqNnVjtHiQnPMEYmn -pjgWmvtYjvPLJkpnnP96nn+FI7FXqro8nY59COaIne3m0SxPo6JrGwugvYuLeOJS -96v4hcSTrB3LEaH49a3vaFKQUsEOFCCTc6Qx+/ejgV/3cEzQjDblep8CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/machines/cream/facts/tinc.retiolum.ed25519_key.pub b/machines/cream/facts/tinc.retiolum.ed25519_key.pub deleted file mode 100644 index 2073e49..0000000 --- a/machines/cream/facts/tinc.retiolum.ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -B3EKYRxqFjIGR2VYajjDqX0gltPJNwcno5PUhafKWKB \ No newline at end of file diff --git a/machines/cream/facts/tinc.retiolum.rsa_key.pub b/machines/cream/facts/tinc.retiolum.rsa_key.pub deleted file mode 100644 index b045b74..0000000 
--- a/machines/cream/facts/tinc.retiolum.rsa_key.pub +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAnzhalF1rqLdSsT6HAGuQ6x1kC9Ty3FjoKR2Y5RCO9YIyEgRE8qfR -jkne+wIIleODUDMZYuvUe9X5hm8w6wDzxlwCPitwhDlOxoSBnXfbL6YL9rZBn3lC -JFkpEPtAJYnfM64R4/UjSndHlCVuH7tltD/1tmfG6IbSsIeDVz+pWZdEmBJfCiDl -aqP2gb1oIwe9TgJX2EC2ugW+6Jh9oPNIOP2Q5eLvty5WPhUSGQDWVMr5u0Rgc1oU -hhAvrfue7MFqUwX+o0Zq93eVAu/51dhTtqwwVgZVlHK7Wkak4yTRGPAP9v9vbKeK -7GpQuvbiI5OphhSFPjyCN1XMqVgFxqsnLsflIPbQdxCkBgFxhmNf31BDlXWHWD5e -7BfFYc1tZFcEWKhguoCSesJvh1BVsiZzfya96lGd/+ttcKBUKX4tdznEQsV/MVhC -cVnQD6k8PN4BIWVJtcq5oM9h6Yt6avtv8TeuaLp/Janco4JmYYFIfRETnz6ye/fG -OiKJnGQ1yohSE6n8ZUK1QYdYezZfI8QhF7GHK7he9x13L9xmXoybV+REXlRvh4S2 -bi9lWTKhQVIHb/qLIdQuaAnK1xg4tdNzL43KEpPstGlAnG8uUNL8hCJL3m220RPK -lEbtLhayRzQ9zgj/hBQZa/hMGGyiqV1hiTbEEWAusJdGTUPYhjAelOkCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/machines/cream/facts/tinc.secret.ed25519_key.pub b/machines/cream/facts/tinc.secret.ed25519_key.pub deleted file mode 100644 index aed8985..0000000 --- a/machines/cream/facts/tinc.secret.ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -nrSEGYNGKiEdXaVAnGkb7ihBnKf/PcpGJEvn1NMLNoB \ No newline at end of file diff --git a/machines/cream/facts/tinc.secret.rsa_key.pub b/machines/cream/facts/tinc.secret.rsa_key.pub deleted file mode 100644 index 9d24f0f..0000000 --- a/machines/cream/facts/tinc.secret.rsa_key.pub +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA8xuGW5yLty6aWYhhBK/T+7TmP3QsU2Y3ew7KvSNLhuxQc63CwzSA -eJpDHYgoLujoi6VGd1L+I7G3Imy0wF5FsFgsFKY7wTbSL/Y/6gc6wm7yL/gYebH7 -zm//n6wqMSlrFKMpnWQj9x43f8eseMl0D3rlXYpE7HfKZI3sPTNexUrWRsqVFUFN -Jmi5SQHIWuczWh0EGUaSc8ueMYHh9WkzDHS7Y8UbLy7bSclRSPxIp7D87513n7YT -0OH7dEDD/is0uoRHQg+TpgFm9HcJeX5ULmsv1x6gssm7D7r+nXF7ATNJrKO0h78O -hAS7kfugHFzrYQP/NRxNLRETSuyL4kQS5WiVfdQWIi+UJtasCSPH4hT34DBPN8vX -GC0nneV9RztnTBUpuIH/BsBOmHBHwLTb9miN6dTyq1MAL/NsiO8+zgxE4gJnownR -r6Dn3fF2bGX9ij9/7WUyi9hez+3c5q3CsG0CDccDsvgkFc4nDdWxmwqKtIg4hM7x -M6FA5W9g1hgupcIdRt/+dKp+nwGH5TYAXa9+XFwfSuegds2hZFluEhmgfet2tB26 -wA4w6+mNcTzikvU0262w9VvkvIhAXWxAvMFtDTOzY2aWqoYJfDTmdaRHdj8c2F7A -UCknUC9a3Kwi3BubAARtO1zTe6fhvkdAm9eJi985Y98xaHHXU6QeDX0CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/machines/cream/facts/wireguard.wg0.cidr b/machines/cream/facts/wireguard.wg0.cidr deleted file mode 100644 index ec50f41..0000000 --- a/machines/cream/facts/wireguard.wg0.cidr +++ /dev/null @@ -1 +0,0 @@ -10.100.0.6/32 \ No newline at end of file diff --git a/machines/cream/facts/wireguard.wg0.ip b/machines/cream/facts/wireguard.wg0.ip deleted file mode 100644 index 773563b..0000000 --- a/machines/cream/facts/wireguard.wg0.ip +++ /dev/null @@ -1 +0,0 @@ -10.100.0.6 \ No newline at end of file diff --git a/machines/cream/facts/wireguard.wg0.pub b/machines/cream/facts/wireguard.wg0.pub deleted file mode 100644 index cd9820f..0000000 --- a/machines/cream/facts/wireguard.wg0.pub +++ /dev/null @@ -1 +0,0 @@ -u0HcEa3lGDxqGqrot+9AtrqQNqNzOtCv/PDuuZqB9Ek= \ No newline at end of file diff --git a/machines/cream/facts/zerotier-ip b/machines/cream/facts/zerotier-ip deleted file mode 100644 index 6249854..0000000 --- a/machines/cream/facts/zerotier-ip +++ /dev/null @@ -1 +0,0 @@ -fdb3:fdc0:b880:37a1:3a99:93df:ed1c:3754 \ No newline at end of file 
diff --git a/machines/cream/hardware-configuration.nix b/machines/cream/hardware-configuration.nix deleted file mode 100644 index 91d472d..0000000 --- a/machines/cream/hardware-configuration.nix +++ /dev/null @@ -1,75 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "thunderbolt" - "nvme" - "usb_storage" - "uas" - "sd_mod" - ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.initrd.luks.devices = { - pool = { - device = "/dev/nvme0n1p2"; - preLVM = true; - }; - }; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/48228fad-8123-4e87-9c70-2e4c204d7a49"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/13A0-D756"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/d73dd71d-9f0f-4c49-8267-9ad7e3f01ff1"; - fsType = "ext4"; - }; - - #fileSystems."/removable" = - # { - # device = "/dev/disk/by-uuid/081de08c-b080-4a05-9915-235caae193e7"; - # fsType = "ext4"; - # }; - - fileSystems."/share" = { - device = "none"; - fsType = "tmpfs"; - }; - - fileSystems."/browsers" = { - device = "none"; - fsType = "tmpfs"; - }; - - swapDevices = [ ]; - - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - -} diff --git a/machines/cream/network-tinc.nix b/machines/cream/network-tinc.nix deleted file mode 100644 index 037b7ab..0000000 --- a/machines/cream/network-tinc.nix +++ /dev/null 
@@ -1,10 +0,0 @@ -{ config, ... }: -{ - - tinc.private.enable = true; - tinc.private.ipv4 = "10.23.42.27"; - - #tinc.secret.enable = true; - #tinc.secret.ipv4 = "10.123.42.27"; - -} diff --git a/machines/cream/network-tinc_retiolum.nix b/machines/cream/network-tinc_retiolum.nix deleted file mode 100644 index c2378b7..0000000 --- a/machines/cream/network-tinc_retiolum.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, factsGenerator, ... }: -{ - - clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; }; - - networking.retiolum.port = 720; - networking.retiolum.nodename = "sol"; - - services.tinc.networks.retiolum = { - ed25519PrivateKeyFile = - config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; - rsaPrivateKeyFile = - config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; - }; - - #fileSystems."/retiolum/sicily" = { - # device = "//sicily.r/tonne"; - # fsType = "cifs"; - # options = [ - # "guest" - # "nofail" - # "noauto" - # "ro" - # "rsize=16777216" - # "cache=loose" - # "x-systemd.after=network.target" - # ]; - #}; -} diff --git a/machines/cream/network-wireguard-wg0.nix b/machines/cream/network-wireguard-wg0.nix deleted file mode 100644 index 4cbca26..0000000 --- a/machines/cream/network-wireguard-wg0.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - config, - factsGenerator, - clanLib, - ... -}: -{ - networking.firewall.allowedUDPPorts = [ 51820 ]; - clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; - clan.core.facts.services.wireguard_ip = factsGenerator.public { - "wireguard.wg0.cidr" = "10.100.0.6/32"; - "wireguard.wg0.ip" = "10.100.0.6"; - }; - - # Enable WireGuard - networking.wg-quick.interfaces = { - # Hub and Spoke Setup - # https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/ - wg0 = { - address = [ - config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value - ]; - listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) - privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path; - mtu = 1280; - - peers = [ - { - publicKey = clanLib.readFact "wireguard.wg0.pub" "orbi"; - allowedIPs = [ - (clanLib.readFact "wireguard.wg0.cidr" "orbi") - ]; - endpoint = clanLib.readFact "wireguard.wg0.endpoint" "orbi"; - } - ]; - }; - }; -} diff --git a/machines/cream/network-wireguard-wg1.nix b/machines/cream/network-wireguard-wg1.nix deleted file mode 100644 index 440c796..0000000 --- a/machines/cream/network-wireguard-wg1.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{ pkgs, config, ... }: -{ - clan.core.facts.services.wg1 = { - secret."wg1.conf" = { }; - generator = { - # I download the config from my fritz.box - # cat wg_config.conf | pass insert -m machiens//wg1.conf - prompt = "please enter the wg1.conf"; - path = with pkgs; [ coreutils ]; - script = '' - echo "$prompt_value" > "$secrets"/wg1.conf - ''; - }; - }; - home-manager.users.root.home.packages = [ - (pkgs.writers.writeBashBin "wg1-up" '' - ${pkgs.wireguard-tools}/bin/wg-quick up ${ - config.clan.core.facts.services.wg1.secret."wg1.conf".path - } - '') - (pkgs.writers.writeBashBin "wg1-down" '' - ${pkgs.wireguard-tools}/bin/wg-quick up ${ - config.clan.core.facts.services.wg1.secret."wg1.conf".path - } - '') - ]; -} diff --git a/machines/cream/proxy.nix b/machines/cream/proxy.nix deleted file mode 100644 index 2195e82..0000000 --- a/machines/cream/proxy.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ config, lib, ... }: -let - domain = "awesome.cache"; -in -{ - - networking.extraHosts = '' - 127.0.0.1 ${domain} - ''; - - services.nginx = { - enable = true; - - proxyCachePath.nixos = { - enable = true; - inactive = "365d"; - keysZoneSize = "100m"; - keysZoneName = "nixos"; - }; - - virtualHosts = { - ${domain} = { - extraConfig = '' - proxy_cache nixos; - proxy_ignore_headers "Set-Cookie"; - proxy_hide_header "Set-Cookie"; - proxy_buffering on; - ''; - locations."/" = { - recommendedProxySettings = false; - proxyPass = "https://cache.nixos.org"; - extraConfig = '' - proxy_set_header Host "cache.nixos.org"; - ''; - }; - }; - }; - }; - - # most likely not needed - systemd.services.nginx.serviceConfig = { - RestrictNamespaces = lib.mkForce false; - ProtectSystem = lib.mkForce false; - ProtectControlGroups = lib.mkForce false; - ProtectHome = lib.mkForce false; - ProtectHostname = lib.mkForce false; - ProtectKernelLogs = lib.mkForce false; - ProtectKernelModules = lib.mkForce false; - ProtectKernelTunables = lib.mkForce false; - PrivateDevices = lib.mkForce false; - PrivateMounts = lib.mkForce false; - PrivateTmp = lib.mkForce false; - MemoryDenyWriteExecute = lib.mkForce false; - NoNewPrivileges = lib.mkForce false; - ProtectProc = lib.mkForce "default"; - RestrictRealtime = lib.mkForce false; - RestrictSUIDSGID = lib.mkForce false; - }; - - #services.permown."/data" = { - # owner = "nginx"; - #}; - - #systemd.services."permown./data" = { - # bindsTo = [ "nginx.service" ]; - # after = [ "nginx.service" ]; - #}; - -} diff --git a/machines/cream/syncthing.nix b/machines/cream/syncthing.nix deleted file mode 100644 index 5754fa7..0000000 --- a/machines/cream/syncthing.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -{ - - services.syncthing = { - enable = true; - openDefaultPorts = false; - user = "palo"; - group = "users"; - dataDir = "/home/palo/.syncthing"; - configDir = "/home/palo/.syncthing"; - overrideFolders = true; - settings.folders = { - oscar_cpap = { - enable = true; - path = "/home/palo/Documents/OSCAR_Data"; - }; - password-store = { - enable = true; - path = "/home/palo/.password-store"; - }; - logseq = { - enable = true; - path = "/home/palo/logseq"; - }; - art = { - enable = true; - path = "/home/palo/art"; - }; - desktop = { - enable = true; - path = "/home/palo/desktop"; - }; - finance = { - enable = true; - path = "/home/palo/finance"; - }; - share = { - enable = true; - path = "/home/palo/share"; - type = "sendonly"; - }; - books = { - enable = true; - path = "/home/palo/books"; - }; - }; - }; - - services.permown."/home/palo/music-library" = { - owner = "palo"; - group = "users"; - }; - - services.permown."/home/palo/finance" = { - owner = "palo"; - group = "syncthing"; - }; -}