upgrade

components/network/sshd/default.nix

@@ -61,7 +61,7 @@ in
         # We might want to remove this once, openssh is fixed everywhere:
         # Workaround for CVE-2024-6387 and CVE-2024-6409
         # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
-        # settings.LoginGraceTime = 0;
+        settings.LoginGraceTime = 0;
       };
 
       users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;

components/network/wireguard.nix

@@ -22,12 +22,6 @@ with lib;
   #  };
   #};
 
-  config = {
-    networking.extraHosts = ''
-      10.100.0.1 cache.orbi.wg0
-    '';
-  };
-
 
 }
 

flake.nix

@@ -179,7 +179,6 @@
           assets = ./assets;
           factsGenerator = clan-fact-generators.lib { inherit pkgs; };
           clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
-          zerotierDeviceName = "ztbn67ogn2";
         };
       };
 
@@ -252,14 +251,9 @@
           ];
         })
         # configure nix
-        ({ pkgs, lib, clanLib, ... }:
+        ({ pkgs, lib, ... }:
           {
-            nix.settings.substituters = [
+            nix.settings.substituters = [ "https://cache.nixos.org/" ];
-              "http://cache.orbi.wg0/"
-            ];
-            nix.settings.trusted-public-keys = [
-              (clanLib.readFact "nix-serve.pub" "orbi")
-            ];
             nix.settings.experimental-features = [ "nix-command" "flakes" ];
             nix.settings.max-jobs = 1;
             # no channesl needed this way

machines/orbi/configuration.nix

@@ -16,7 +16,6 @@
     ./service-vaultwarden.nix
     #./service-surrealdb.nix # not really needed at the moment
     ./service-vikunja.nix
-    ./service-nix-cache.nix
 
     ./nginx-ingolf-wagner-de.nix
     ./nginx-wkd.nix

machines/orbi/facts/nix-serve.pub

@@ -1 +0,0 @@
-cache.orbi.wg0:TAQd7qqh08yKkCU6WofWTVH1ORFAnmwxZJaYXWtuojQ=

machines/orbi/service-forgejo-runner.nix

@@ -17,7 +17,7 @@ in
   };
   users.groups.gitea-runner = { };
 
-  clan.core.facts.services.gitea-runner = {
+  clanCore.facts.services.gitea-runner = {
     secret."gitea-runner.token" = { };
     generator = {
       prompt = "please enter your gitea-runner password";
@@ -51,7 +51,7 @@ in
         pkgs.openssh
       ];
       url = "https://git.ingolf-wagner.de";
-      tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path;
+      tokenFile = config.clanCore.facts.services.gitea-runner.secret."gitea-runner.token".path;
       name = "fick_deine_mudda";
       labels = [
         # provide a debian base with nodejs for actions

machines/orbi/service-nix-cache.nix

@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-
-  # nixpkgs.config.packageOverrides = p: {
-  #   nix-serve = p.haskellPackages.nix-serve-ng;
-  # };
-
-  # generate private key with:
-  # nix-store --generate-binary-cache-key my-secret-key my-public-key
-  clan.core.facts.services."nix-serve" = {
-    secret."nix-serve.key" = { };
-    public."nix-serve.pub" = { };
-    generator.path = with pkgs; [ coreutils nix ];
-    generator.script = ''
-      nix-store --generate-binary-cache-key "cache.${config.networking.hostName}.wg0" nix-serve.key nix-serve.pub
-      mv nix-serve.key "$secrets"/nix-serve.key
-      mv nix-serve.pub "$facts"/nix-serve.pub
-    '';
-  };
-
-  services.nix-serve = {
-    enable = true;
-    secretKeyFile = config.clan.core.facts.services.nix-serve.secret."nix-serve.key".path;
-    port = 5005;
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts."cache.${config.networking.hostName}.wg0" = {
-      locations."/".extraConfig = ''
-        proxy_pass http://localhost:${toString config.services.nix-serve.port};
-        allow ${config.wireguard.wg0.subnet};
-        deny all;
-      '';
-      locations."= /nix-cache-info".extraConfig = ''
-        alias ${pkgs.writeText "cache-info" ''
-          StoreDir: /nix/store
-          WantMassQuery: 1
-          Priority: 42
-        ''};
-        allow ${config.wireguard.wg0.subnet};
-        deny all;
-      '';
-    };
-  };
-}
-