diff --git a/flake.lock b/flake.lock
index f585606..060187c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1165,21 +1165,6 @@
 "url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
 }
 },
- "retiolum": {
- "locked": {
- "lastModified": 1737987273,
- "narHash": "sha256-WQCLoDbthUO5PcdYDBxZZQgpQbEXab50EcwChkukxN4=",
- "owner": "Mic92",
- "repo": "retiolum",
- "rev": "514fe96610f745435b89355822691b1961dc4857",
- "type": "github"
- },
- "original": {
- "owner": "Mic92",
- "repo": "retiolum",
- "type": "github"
- }
- },
 "root": {
 "inputs": {
 "clan-core": "clan-core",
@@ -1198,7 +1183,6 @@
 "permown": "permown",
 "polygon-art": "polygon-art",
 "private-parts": "private-parts",
- "retiolum": "retiolum",
 "share-http": "share-http",
 "srvos": "srvos",
 "stylix": "stylix",
diff --git a/flake.nix b/flake.nix
index 6544df5..9d7d3b3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -30,7 +30,6 @@
 private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
 private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
 #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
- retiolum.url = "github:Mic92/retiolum";
 share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input
 share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
 srvos.url = "github:nix-community/srvos";
@@ -72,7 +71,6 @@
 permown,
 polygon-art,
 private-parts,
- retiolum,
 self,
 share-http,
 srvos,
@@ -275,7 +273,6 @@
 # inputs.stylix.nixosModules.stylix # fixme: not working
 permown.nixosModules.permown
 home-manager.nixosModules.home-manager
- # retiolum.nixosModules.retiolum # fixme: not working
 ];
 boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
@@ -413,7 +410,6 @@
 healthchecks.nixosModules.default
 zerotierModules
 nixos-hardware.nixosModules.framework-13th-gen-intel
- retiolum.nixosModules.retiolum
 private-parts.nixosModules.cherry
 homeManagerModules
 stylixModules
@@ -446,7 +442,6 @@
 zerotierControllerModule
 homeManagerModules
 stylixModules
- retiolum.nixosModules.retiolum
 private-parts.nixosModules.chungus
 {
 home-manager.users.mainUser = import ./homes/palo;
diff --git a/machines/cherry/configuration.nix b/machines/cherry/configuration.nix
index 7c432da..5dba8f9 100644
--- a/machines/cherry/configuration.nix
+++ b/machines/cherry/configuration.nix
@@ -13,7 +13,6 @@
 ./syncthing.nix
 ./network-tinc.nix
- ./network-tinc_retiolum.nix
 ./network-wireguard-wg0.nix
 ./network-wireguard-wg1.nix
diff --git a/machines/cherry/network-tinc_retiolum.nix b/machines/cherry/network-tinc_retiolum.nix
deleted file mode 100644
index 1006e81..0000000
--- a/machines/cherry/network-tinc_retiolum.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- config,
- factsGenerator,
- pkgs,
- ...
-}:
-{
-
- clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
-
- networking.retiolum.port = 720;
- networking.retiolum.nodename = "cherry";
-
- healthchecks.localCommands.ping-retiolum = pkgs.writers.writeBash "ping-retiolum" ''
- ping -c 1 -W 5 ${config.networking.retiolum.nodename}.r
- '';
-
- services.tinc.networks.retiolum = {
- ed25519PrivateKeyFile =
- config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
- rsaPrivateKeyFile =
- config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
- };
-
- #fileSystems."/retiolum/sicily" = {
- # device = "//sicily.r/tonne";
- # fsType = "cifs";
- # options = [
- # "guest"
- # "nofail"
- # "noauto"
- # "ro"
- # "rsize=16777216"
- # "cache=loose"
- # "x-systemd.after=network.target"
- # ];
- #};
-}
diff --git a/machines/chungus/configuration.nix b/machines/chungus/configuration.nix
index 4634521..e0b9012 100644
--- a/machines/chungus/configuration.nix
+++ b/machines/chungus/configuration.nix
@@ -15,7 +15,6 @@ ./packages.nix - ./network-tinc-retiolum.nix # make sure no service is open for this vpn! ./network-tinc.nix ./network-wireguard.nix @@ -77,7 +76,6 @@ networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ]; healthchecks.closed.wg0.host = "10.100.0.2"; - healthchecks.closed.retiolum.host = "centauri.r"; services.printing.enable = false; diff --git a/machines/chungus/hass-mqtt.nix b/machines/chungus/hass-mqtt.nix index db16169..c82e0ee 100644 --- a/machines/chungus/hass-mqtt.nix +++ b/machines/chungus/hass-mqtt.nix @@ -16,5 +16,4 @@ networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 1883 ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ]; - healthchecks.closed.retiolum.ports.mqtt = [ 1883 ]; } diff --git a/machines/chungus/hass-zigbee2mqtt.nix b/machines/chungus/hass-zigbee2mqtt.nix index 964dcaf..f47d73e 100644 --- a/machines/chungus/hass-zigbee2mqtt.nix +++ b/machines/chungus/hass-zigbee2mqtt.nix @@ -8,11 +8,6 @@ { imports = [ ./hass-mqtt.nix ]; - healthchecks.closed.retiolum.ports.zigbee2mqtt = [ - 1337 - 9666 - ]; - services.zigbee2mqtt = { enable = true; dataDir = "/srv2/zigbee2mqtt"; diff --git a/machines/chungus/hass.nix b/machines/chungus/hass.nix index a59b3e9..868b969 100644 --- a/machines/chungus/hass.nix +++ b/machines/chungus/hass.nix @@ -18,6 +18,4 @@ networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ]; - healthchecks.closed.retiolum.ports.hass = [ 8123 ]; - } diff --git a/machines/chungus/media-audiobookshelf.nix b/machines/chungus/media-audiobookshelf.nix index 07af2be..e1505c3 100644 --- a/machines/chungus/media-audiobookshelf.nix +++ b/machines/chungus/media-audiobookshelf.nix 
@@ -15,10 +15,6 @@ in group = group; }; - # make available in retiolum - #networking.firewall.interfaces."tinc.retiolum".allowedTCPPorts = [ port ]; - #networking.firewall.interfaces."tinc.retiolum".allowedUDPPorts = [ port ]; - networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ]; networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ]; diff --git a/machines/chungus/media-jellyfin.nix b/machines/chungus/media-jellyfin.nix index e9d634e..fb4cf9a 100644 --- a/machines/chungus/media-jellyfin.nix +++ b/machines/chungus/media-jellyfin.nix @@ -7,7 +7,7 @@ { services.jellyfin = { enable = true; - openFirewall = true; # todo: will open for retiolum as well + openFirewall = true; group = "media"; user = "media"; }; @@ -15,7 +15,6 @@ healthchecks.http.jellyfin = { url = "flix.${config.networking.hostName}.private"; }; - healthchecks.closed.retiolum.ports.jellyfin = [ 8096 ]; services.nginx = { enable = true; diff --git a/machines/chungus/media-navidrome.nix b/machines/chungus/media-navidrome.nix index 5fd290e..d0181d7 100644 --- a/machines/chungus/media-navidrome.nix +++ b/machines/chungus/media-navidrome.nix @@ -11,8 +11,6 @@ expectedContent = "Navidrome"; }; - healthchecks.closed.retiolum.ports.navidrome = [ config.services.navidrome.settings.Port ]; - services.navidrome = { enable = true; openFirewall = true; diff --git a/machines/chungus/media-share.nix b/machines/chungus/media-share.nix index f9b4313..012c25b 100644 --- a/machines/chungus/media-share.nix +++ b/machines/chungus/media-share.nix @@ -1,12 +1,6 @@ { config, ... }: { - healthchecks.closed.retiolum.ports.share = [ - 137 - 138 - 139 - 445 - ]; networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 445 139 diff --git a/machines/chungus/media-syncthing.nix b/machines/chungus/media-syncthing.nix index d83c42a..e266204 100644 --- a/machines/chungus/media-syncthing.nix +++ b/machines/chungus/media-syncthing.nix 
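Review bot: In machines/chungus/media-jellyfin.nix the new line `openFirewall = true;` loses its todo, but the setting still opens Jellyfin's ports in the host-wide firewall rather than on a named interface, so the service presumably stays reachable on every interface the machine has. The second hunk of the same file also drops `healthchecks.closed.retiolum.ports.jellyfin = [ 8096 ];`, the only check visible here that asserted the port was closed on an untrusted network. Other modules in this commit scope exposure per interface, for example `networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ];` in media-audiobookshelf.nix. Consider `openFirewall = false;` together with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8096 ];` for the interfaces that should serve it. The same applies to the `openFirewall = true;` visible as context in media-navidrome.nix.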
@@ -10,7 +10,6 @@ url = config.services.syncthing.guiAddress; expectedContent = "syncthing"; }; - healthchecks.closed.retiolum.ports.syncthing-gui = [ 8384 ]; services.syncthing = { enable = true; diff --git a/machines/chungus/network-tinc-retiolum.nix b/machines/chungus/network-tinc-retiolum.nix deleted file mode 100644 index faa62f7..0000000 --- a/machines/chungus/network-tinc-retiolum.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - config, - factsGenerator, - pkgs, - ... -}: -{ - clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; }; - - networking.retiolum.port = 720; - networking.retiolum.nodename = "chungus"; - - healthchecks.localCommands.ping-retiolum = pkgs.writers.writeBash "ping-retiolum" '' - ping -c 1 -W 5 ${config.networking.retiolum.nodename}.r - ''; - - services.tinc.networks.retiolum = { - ed25519PrivateKeyFile = - config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; - rsaPrivateKeyFile = - config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; - }; -} diff --git a/machines/chungus/service-atuin.nix b/machines/chungus/service-atuin.nix index 5aa20f9..1a5c059 100644 --- a/machines/chungus/service-atuin.nix +++ b/machines/chungus/service-atuin.nix @@ -6,8 +6,6 @@ }: { - healthchecks.closed.retiolum.ports.atuin = [ config.services.atuin.port ]; - services.atuin = { enable = true; host = "0.0.0.0"; diff --git a/machines/chungus/service-forgejo.nix b/machines/chungus/service-forgejo.nix index bb5e528..49dc36f 100644 --- a/machines/chungus/service-forgejo.nix +++ b/machines/chungus/service-forgejo.nix @@ -10,8 +10,6 @@ expectedContent = "nixinate"; }; - healthchecks.closed.retiolum.ports.forgejo = [ config.services.forgejo.settings.server.HTTP_PORT ]; - services.nginx = { enable = true; statusPage = true; diff --git a/machines/chungus/service-paperless-healthchecks.nix b/machines/chungus/service-paperless-healthchecks.nix index 7dac6ff..e8b6ebb 100644 
--- a/machines/chungus/service-paperless-healthchecks.nix +++ b/machines/chungus/service-paperless-healthchecks.nix @@ -11,6 +11,5 @@ url = "http://paperless.chungus.private/accounts/login/?next=/"; expectedContent = "paperless.chungus.private"; }; - healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ]; } diff --git a/machines/chungus/service-s3.nix b/machines/chungus/service-s3.nix index c151459..c542f5c 100644 --- a/machines/chungus/service-s3.nix +++ b/machines/chungus/service-s3.nix @@ -1,11 +1,6 @@ { config, factsGenerator, ... }: { - healthchecks.closed.retiolum.ports.s3 = [ - 9000 - 9001 - ]; - healthchecks.http.s3 = { url = "http://s3.chungus.private:9001/login"; expectedContent = "minio"; diff --git a/machines/chungus/service-taskwarrior.nix b/machines/chungus/service-taskwarrior.nix index 654e4e4..31c8812 100644 --- a/machines/chungus/service-taskwarrior.nix +++ b/machines/chungus/service-taskwarrior.nix @@ -6,8 +6,6 @@ }: { - healthchecks.closed.retiolum.ports.taskwarrior-webui = [ 8080 ]; - virtualisation.oci-containers = { containers.taskwarrior-webui = { volumes = [ diff --git a/machines/chungus/service-vault.nix b/machines/chungus/service-vault.nix index b62a55a..382fbf4 100644 --- a/machines/chungus/service-vault.nix +++ b/machines/chungus/service-vault.nix @@ -1,8 +1,6 @@ { pkgs, ... }: { - healthchecks.closed.retiolum.ports.vault = [ 8200 ]; - services.vault = { enable = true; #adress = "chungus.private:8200"; diff --git a/machines/chungus/topology.nix b/machines/chungus/topology.nix index 1b84aac..27868b8 100644 --- a/machines/chungus/topology.nix +++ b/machines/chungus/topology.nix @@ -22,11 +22,5 @@ with config.lib.topology; # type = "tinc"; virtual = true; }; - interfaces."tinc.retiolum" = { - network = "tinc.retiolum"; - # type = "tinc"; - virtual = true; - }; - }; } diff --git a/machines/chungus/zerotier-controller.nix b/machines/chungus/zerotier-controller.nix index f05fea9..1818e72 100644 
--- a/machines/chungus/zerotier-controller.nix +++ b/machines/chungus/zerotier-controller.nix @@ -22,8 +22,6 @@ let in { - healthchecks.closed.retiolum.ports.vault = [ 9993 ]; - environment.systemPackages = [ (zerotierCommand "zerotier-script-members" '' curl "http://localhost:9993/controller/network/''${NWID}/member" -H "X-ZT1-AUTH: ''${TOKEN}" | gojq diff --git a/machines/usbstick/hardware-configuration/hardware-configuration.nix b/machines/usbstick/hardware-configuration/hardware-configuration.nix index 66f2d26..1acf884 100644 --- a/machines/usbstick/hardware-configuration/hardware-configuration.nix +++ b/machines/usbstick/hardware-configuration/hardware-configuration.nix @@ -50,7 +50,6 @@ networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; # networking.interfaces.tinc.private.useDHCP = lib.mkDefault true; - # networking.interfaces.tinc.retiolum.useDHCP = lib.mkDefault true; # networking.interfaces.tinc.secret.useDHCP = lib.mkDefault true; # networking.interfaces.virbr0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; diff --git a/nix/topology/networks.nix b/nix/topology/networks.nix index 9671e1c..4ee72b1 100644 --- a/nix/topology/networks.nix +++ b/nix/topology/networks.nix @@ -20,8 +20,4 @@ with config.lib.topology; cidrv4 = "10.23.42.0/24"; }; - networks."tinc.retiolum" = { - name = "tinc retiolum"; - }; - } diff --git a/system/all/on-failure.nix b/system/all/on-failure.nix deleted file mode 100644 index 1abdc3b..0000000 --- a/system/all/on-failure.nix +++ /dev/null 
@@ -1,17 +0,0 @@
-{ lib, ... }:
-{
- #on-failure = {
- # enable = true;
- # plans = {
- # tinc_private.name = "tinc.private";
- # tinc_retiolum.name = "tinc.retiolum";
- # sshd.name = "sshd";
- # tor.name = "tor";
- # dnsmasq.name = "dnsmasq";
- # #backup_on_workhorse.name = "backup.on-workhorse.private";
- # #backup_on_workout.name = "backup.on-workout.private";
- # #backup_on_porani.name = "backup.on-porani.private";
- # syncthing.name = "syncthing";
- # };
- #};
-}