🗑️ get rid of tinc-retiolum

2025-02-23 16:26:35 +07:00 · 2025-02-23 16:26:35 +07:00 · eca1792a70
commit eca1792a70
parent cecbc8f708
25 changed files with 1 additions and 152 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1165,21 +1165,6 @@
        "url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
      }
    },
    "retiolum": {
      "locked": {
        "lastModified": 1737987273,
        "narHash": "sha256-WQCLoDbthUO5PcdYDBxZZQgpQbEXab50EcwChkukxN4=",
        "owner": "Mic92",
        "repo": "retiolum",
        "rev": "514fe96610f745435b89355822691b1961dc4857",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "retiolum",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "clan-core": "clan-core",
@ -1198,7 +1183,6 @@
        "permown": "permown",
        "polygon-art": "polygon-art",
        "private-parts": "private-parts",
        "retiolum": "retiolum",
        "share-http": "share-http",
        "srvos": "srvos",
        "stylix": "stylix",
--- a/flake.nix
+++ b/flake.nix
@ -30,7 +30,6 @@
    private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
    private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
    #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
    retiolum.url = "github:Mic92/retiolum";
    share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input
    share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
    srvos.url = "github:nix-community/srvos";
@ -72,7 +71,6 @@
      permown,
      polygon-art,
      private-parts,
      retiolum,
      self,
      share-http,
      srvos,
@ -275,7 +273,6 @@
              # inputs.stylix.nixosModules.stylix # fixme: not working
              permown.nixosModules.permown
              home-manager.nixosModules.home-manager
              # retiolum.nixosModules.retiolum # fixme: not working
            ];
            boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
@ -413,7 +410,6 @@
                healthchecks.nixosModules.default
                zerotierModules
                nixos-hardware.nixosModules.framework-13th-gen-intel
                retiolum.nixosModules.retiolum
                private-parts.nixosModules.cherry
                homeManagerModules
                stylixModules
@ -446,7 +442,6 @@
                zerotierControllerModule
                homeManagerModules
                stylixModules
                retiolum.nixosModules.retiolum
                private-parts.nixosModules.chungus
                {
                  home-manager.users.mainUser = import ./homes/palo;
--- a/machines/cherry/configuration.nix
+++ b/machines/cherry/configuration.nix
@ -13,7 +13,6 @@
    ./syncthing.nix
    ./network-tinc.nix
    ./network-tinc_retiolum.nix
    ./network-wireguard-wg0.nix
    ./network-wireguard-wg1.nix
--- a/machines/cherry/network-tinc_retiolum.nix
+++ b/machines/cherry/network-tinc_retiolum.nix
@ -1,38 +0,0 @@
 {
  config,
  factsGenerator,
  pkgs,
  ...
 }:
 {
  clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
  networking.retiolum.port = 720;
  networking.retiolum.nodename = "cherry";
  healthchecks.localCommands.ping-retiolum = pkgs.writers.writeBash "ping-retiolum" ''
    ping -c 1 -W 5 ${config.networking.retiolum.nodename}.r
  '';
  services.tinc.networks.retiolum = {
    ed25519PrivateKeyFile =
      config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
    rsaPrivateKeyFile =
      config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
  };
  #fileSystems."/retiolum/sicily" = {
  #  device = "//sicily.r/tonne";
  #  fsType = "cifs";
  #  options = [
  #    "guest"
  #    "nofail"
  #    "noauto"
  #    "ro"
  #    "rsize=16777216"
  #    "cache=loose"
  #    "x-systemd.after=network.target"
  #  ];
  #};
 }
--- a/machines/chungus/configuration.nix
+++ b/machines/chungus/configuration.nix
@ -15,7 +15,6 @@
    ./packages.nix
    ./network-tinc-retiolum.nix # make sure no service is open for this vpn!
    ./network-tinc.nix
    ./network-wireguard.nix
@ -77,7 +76,6 @@
  networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
  healthchecks.closed.wg0.host = "10.100.0.2";
  healthchecks.closed.retiolum.host = "centauri.r";
  services.printing.enable = false;
--- a/machines/chungus/hass-mqtt.nix
+++ b/machines/chungus/hass-mqtt.nix
@ -16,5 +16,4 @@
  networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 1883 ];
  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ];
  healthchecks.closed.retiolum.ports.mqtt = [ 1883 ];
 }
--- a/machines/chungus/hass-zigbee2mqtt.nix
+++ b/machines/chungus/hass-zigbee2mqtt.nix
@ -8,11 +8,6 @@
 {
  imports = [ ./hass-mqtt.nix ];
  healthchecks.closed.retiolum.ports.zigbee2mqtt = [
    1337
    9666
  ];
  services.zigbee2mqtt = {
    enable = true;
    dataDir = "/srv2/zigbee2mqtt";
--- a/machines/chungus/hass.nix
+++ b/machines/chungus/hass.nix
@ -18,6 +18,4 @@
  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ];
  networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ];
  healthchecks.closed.retiolum.ports.hass = [ 8123 ];
 }
--- a/machines/chungus/media-audiobookshelf.nix
+++ b/machines/chungus/media-audiobookshelf.nix
@ -15,10 +15,6 @@ in
    group = group;
  };
  # make available in retiolum
  #networking.firewall.interfaces."tinc.retiolum".allowedTCPPorts = [ port ];
  #networking.firewall.interfaces."tinc.retiolum".allowedUDPPorts = [ port ];
  networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ];
  networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ];
--- a/machines/chungus/media-jellyfin.nix
+++ b/machines/chungus/media-jellyfin.nix
@ -7,7 +7,7 @@
 {
  services.jellyfin = {
    enable = true;
-    openFirewall = true; # todo: will open for retiolum as well
+    openFirewall = true;
    group = "media";
    user = "media";
  };
@ -15,7 +15,6 @@
  healthchecks.http.jellyfin = {
    url = "flix.${config.networking.hostName}.private";
  };
  healthchecks.closed.retiolum.ports.jellyfin = [ 8096 ];
  services.nginx = {
    enable = true;
--- a/machines/chungus/media-navidrome.nix
+++ b/machines/chungus/media-navidrome.nix
@ -11,8 +11,6 @@
    expectedContent = "Navidrome";
  };
  healthchecks.closed.retiolum.ports.navidrome = [ config.services.navidrome.settings.Port ];
  services.navidrome = {
    enable = true;
    openFirewall = true;
--- a/machines/chungus/media-share.nix
+++ b/machines/chungus/media-share.nix
@ -1,12 +1,6 @@
 { config, ... }:
 {
  healthchecks.closed.retiolum.ports.share = [
    137
    138
    139
    445
  ];
  networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [
    445
    139
--- a/machines/chungus/media-syncthing.nix
+++ b/machines/chungus/media-syncthing.nix
@ -10,7 +10,6 @@
    url = config.services.syncthing.guiAddress;
    expectedContent = "syncthing";
  };
  healthchecks.closed.retiolum.ports.syncthing-gui = [ 8384 ];
  services.syncthing = {
    enable = true;
--- a/machines/chungus/network-tinc-retiolum.nix
+++ b/machines/chungus/network-tinc-retiolum.nix
@ -1,23 +0,0 @@
 {
  config,
  factsGenerator,
  pkgs,
  ...
 }:
 {
  clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
  networking.retiolum.port = 720;
  networking.retiolum.nodename = "chungus";
  healthchecks.localCommands.ping-retiolum = pkgs.writers.writeBash "ping-retiolum" ''
    ping -c 1 -W 5 ${config.networking.retiolum.nodename}.r
  '';
  services.tinc.networks.retiolum = {
    ed25519PrivateKeyFile =
      config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
    rsaPrivateKeyFile =
      config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
  };
 }
--- a/machines/chungus/service-atuin.nix
+++ b/machines/chungus/service-atuin.nix
@ -6,8 +6,6 @@
 }:
 {
  healthchecks.closed.retiolum.ports.atuin = [ config.services.atuin.port ];
  services.atuin = {
    enable = true;
    host = "0.0.0.0";
--- a/machines/chungus/service-forgejo.nix
+++ b/machines/chungus/service-forgejo.nix
@ -10,8 +10,6 @@
    expectedContent = "nixinate";
  };
  healthchecks.closed.retiolum.ports.forgejo = [ config.services.forgejo.settings.server.HTTP_PORT ];
  services.nginx = {
    enable = true;
    statusPage = true;
--- a/machines/chungus/service-paperless-healthchecks.nix
+++ b/machines/chungus/service-paperless-healthchecks.nix
@ -11,6 +11,5 @@
    url = "http://paperless.chungus.private/accounts/login/?next=/";
    expectedContent = "paperless.chungus.private";
  };
  healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];
 }
--- a/machines/chungus/service-s3.nix
+++ b/machines/chungus/service-s3.nix
@ -1,11 +1,6 @@
 { config, factsGenerator, ... }:
 {
  healthchecks.closed.retiolum.ports.s3 = [
    9000
    9001
  ];
  healthchecks.http.s3 = {
    url = "http://s3.chungus.private:9001/login";
    expectedContent = "minio";
--- a/machines/chungus/service-taskwarrior.nix
+++ b/machines/chungus/service-taskwarrior.nix
@ -6,8 +6,6 @@
 }:
 {
  healthchecks.closed.retiolum.ports.taskwarrior-webui = [ 8080 ];
  virtualisation.oci-containers = {
    containers.taskwarrior-webui = {
      volumes = [
--- a/machines/chungus/service-vault.nix
+++ b/machines/chungus/service-vault.nix
@ -1,8 +1,6 @@
 { pkgs, ... }:
 {
  healthchecks.closed.retiolum.ports.vault = [ 8200 ];
  services.vault = {
    enable = true;
    #adress = "chungus.private:8200";
--- a/machines/chungus/topology.nix
+++ b/machines/chungus/topology.nix
@ -22,11 +22,5 @@ with config.lib.topology;
      #      type = "tinc";
      virtual = true;
    };
    interfaces."tinc.retiolum" = {
      network = "tinc.retiolum";
      #      type = "tinc";
      virtual = true;
    };
  };
 }
--- a/machines/chungus/zerotier-controller.nix
+++ b/machines/chungus/zerotier-controller.nix
@ -22,8 +22,6 @@ let
 in
 {
  healthchecks.closed.retiolum.ports.vault = [ 9993 ];
  environment.systemPackages = [
    (zerotierCommand "zerotier-script-members" ''
      curl "http://localhost:9993/controller/network/''${NWID}/member" -H "X-ZT1-AUTH: ''${TOKEN}" | gojq
--- a/machines/usbstick/hardware-configuration/hardware-configuration.nix
+++ b/machines/usbstick/hardware-configuration/hardware-configuration.nix
@ -50,7 +50,6 @@
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
  # networking.interfaces.tinc.private.useDHCP = lib.mkDefault true;
  # networking.interfaces.tinc.retiolum.useDHCP = lib.mkDefault true;
  # networking.interfaces.tinc.secret.useDHCP = lib.mkDefault true;
  # networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
--- a/nix/topology/networks.nix
+++ b/nix/topology/networks.nix
@ -20,8 +20,4 @@ with config.lib.topology;
    cidrv4 = "10.23.42.0/24";
  };
  networks."tinc.retiolum" = {
    name = "tinc retiolum";
  };
 }
--- a/system/all/on-failure.nix
+++ b/system/all/on-failure.nix
@ -1,17 +0,0 @@
 { lib, ... }:
 {
  #on-failure = {
  #  enable = true;
  #  plans = {
  #    tinc_private.name = "tinc.private";
  #    tinc_retiolum.name = "tinc.retiolum";
  #    sshd.name = "sshd";
  #    tor.name = "tor";
  #    dnsmasq.name = "dnsmasq";
  #    #backup_on_workhorse.name = "backup.on-workhorse.private";
  #    #backup_on_workout.name = "backup.on-workout.private";
  #    #backup_on_porani.name = "backup.on-porani.private";
  #    syncthing.name = "syncthing";
  #  };
  #};
 }