authorFranck Cuny <franck@fcuny.net>2023-12-08 09:00:57 -0800
committerFranck Cuny <franck@fcuny.net>2023-12-08 09:00:57 -0800
commit7ff5c2e346a8efeba0c27f473271d8298a1266c2 (patch)
treea536441a137be3d6122b4d8a247db76f9cd8d12a
parentbuild(deps): bump cachix/install-nix-action from 23 to 24 (diff)
downloadworld-7ff5c2e346a8efeba0c27f473271d8298a1266c2.tar.gz
delete configuration for old machines
These machines are gone, no need to keep the configuration around.
-rw-r--r--hosts/aptos/default.nix65
-rw-r--r--hosts/aptos/hardware.nix44
-rw-r--r--hosts/aptos/home.nix8
-rw-r--r--hosts/aptos/secrets/restic/repo-users.agebin573 -> 0 bytes
-rw-r--r--hosts/aptos/secrets/restic/ssh-key.agebin829 -> 0 bytes
-rw-r--r--hosts/aptos/secrets/secrets.nix28
-rw-r--r--hosts/aptos/secrets/syncthing/cert.agebin1266 -> 0 bytes
-rw-r--r--hosts/aptos/secrets/syncthing/key.agebin788 -> 0 bytes
-rw-r--r--hosts/aptos/secrets/wireguard_privatekey.age12
-rw-r--r--hosts/carmel/default.nix35
-rw-r--r--hosts/carmel/hardware.nix26
-rw-r--r--hosts/carmel/home.nix6
-rw-r--r--hosts/carmel/networking.nix114
-rw-r--r--hosts/carmel/secrets/secrets.nix9
-rw-r--r--hosts/carmel/secrets/wireguard_privatekey.age13
-rw-r--r--hosts/carmel/services.nix18
-rw-r--r--hosts/tahoe/boot.nix30
-rw-r--r--hosts/tahoe/default.nix73
-rw-r--r--hosts/tahoe/hardware.nix58
-rw-r--r--hosts/tahoe/home.nix8
-rw-r--r--hosts/tahoe/secrets/acme/credentials.age11
-rw-r--r--hosts/tahoe/secrets/acme/gcp_service_account.json.agebin2795 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/gandi/apikey.age11
-rw-r--r--hosts/tahoe/secrets/restic/repo-systems.age14
-rw-r--r--hosts/tahoe/secrets/rsync.net/ssh-key.agebin906 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/secrets.nix38
-rw-r--r--hosts/tahoe/secrets/sendsms/config.age12
-rw-r--r--hosts/tahoe/secrets/syncthing/cert.agebin1325 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/syncthing/key.age14
-rw-r--r--hosts/tahoe/secrets/unifi/unifi-poller.agebin430 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/wireguard_privatekey.age12
-rw-r--r--hosts/tahoe/services.nix21
32 files changed, 0 insertions, 680 deletions
diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix
deleted file mode 100644
index 863e995..0000000
--- a/hosts/aptos/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ self, config, lib, ... }:
-let
-  secrets = config.age.secrets;
-  ssh-key-path = secrets."restic/ssh-key".path;
-in
-{
-  imports = [
-    ./hardware.nix
-    "${self}/profiles/btrfs.nix"
-    "${self}/profiles/documentation.nix"
-    "${self}/profiles/laptop.nix"
-    "${self}/profiles/syncthing.nix"
-    "${self}/profiles/hardware/xps9300.nix"
-  ];
-
-  # Use systemd-networkd for networking
-  systemd.network.enable = true;
-  systemd.network.networks.wlan0 = {
-    matchConfig.Name = "wlan0";
-    networkConfig.DHCP = "yes";
-    dhcpV4Config = {
-      UseDNS = "yes";
-      UseDomains = "yes";
-    };
-  };
-
-  networking.useNetworkd = true;
-  networking.useDHCP = false;
-  networking.private-wireguard.enable = true;
-
-  services.nscd.enable = false;
-  system.nssModules = lib.mkForce [ ];
-
-  my.services.backup = {
-    enable = true;
-    repository = "sftp:192.168.6.40:/${config.networking.hostName}";
-    exclude = [
-      # paths that I don't want to backup
-      "/home/fcuny/workspace/tmp"
-
-      # various development related files
-      "**/target"
-      "**/.direnv"
-      "**/result"
-    ];
-    timerConfig = { OnCalendar = "06:30"; };
-    passwordFile = secrets."restic/repo-users".path;
-    extraOptions = [
-      "sftp.command='ssh backup@192.168.6.40 -i ${ssh-key-path} -s sftp'"
-    ];
-    paths = [
-      "/home/fcuny/workspace"
-      "/home/fcuny/media"
-      "/home/fcuny/documents"
-    ];
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
-}
diff --git a/hosts/aptos/hardware.nix b/hosts/aptos/hardware.nix
deleted file mode 100644
index 01e2a96..0000000
--- a/hosts/aptos/hardware.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
-    fsType = "btrfs";
-    options = [ "subvol=nixos" ];
-  };
-
-  boot.initrd.luks.devices."system".allowDiscards = true;
-  boot.initrd.luks.devices."system".device =
-    "/dev/disk/by-uuid/c83a8db7-4215-4864-8a46-b8ca839d8c05";
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
-    fsType = "btrfs";
-    options = [ "subvol=home" ];
-  };
-
-  fileSystems."/.snapshots" = {
-    device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
-    fsType = "btrfs";
-    options = [ "subvol=snapshots" ];
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/42D9-6EA8";
-    fsType = "vfat";
-  };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/24041034-ff39-44bf-a04c-8fd8318b554d"; }];
-
-  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/hosts/aptos/home.nix b/hosts/aptos/home.nix
deleted file mode 100644
index e4ce2ec..0000000
--- a/hosts/aptos/home.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ self, ... }: {
-  imports = [
-    "${self}/home/profiles/home.nix"
-    "${self}/home/profiles/workstation.nix"
-    "${self}/home/profiles/sway.nix"
-    "${self}/home/profiles/matrix.nix"
-  ];
-}
diff --git a/hosts/aptos/secrets/restic/repo-users.age b/hosts/aptos/secrets/restic/repo-users.age
deleted file mode 100644
index d41fd40..0000000
--- a/hosts/aptos/secrets/restic/repo-users.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/restic/ssh-key.age b/hosts/aptos/secrets/restic/ssh-key.age
deleted file mode 100644
index 05024cf..0000000
--- a/hosts/aptos/secrets/restic/ssh-key.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
deleted file mode 100644
index 21aae44..0000000
--- a/hosts/aptos/secrets/secrets.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-let
-  root = "age1g3hjfg8rsyaunsa63q73flxt0rnmqng5mvjk5qywsu0xjvuwq5rsmuxk35";
-  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
-  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
-in
-{
-  "wireguard_privatekey.age".publicKeys = [ root fcuny backup ];
-
-  "syncthing/key.age" = {
-    publicKeys = [ root fcuny backup ];
-    owner = "fcuny";
-  };
-
-  "syncthing/cert.age" = {
-    publicKeys = [ root fcuny backup ];
-    owner = "fcuny";
-  };
-
-  "restic/repo-users.age" = {
-    publicKeys = [ root fcuny backup ];
-    owner = "fcuny";
-  };
-
-  "restic/ssh-key.age" = {
-    publicKeys = [ root fcuny backup ];
-    owner = "fcuny";
-  };
-}
diff --git a/hosts/aptos/secrets/syncthing/cert.age b/hosts/aptos/secrets/syncthing/cert.age
deleted file mode 100644
index 643c161..0000000
--- a/hosts/aptos/secrets/syncthing/cert.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/syncthing/key.age b/hosts/aptos/secrets/syncthing/key.age
deleted file mode 100644
index ccce5f9..0000000
--- a/hosts/aptos/secrets/syncthing/key.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/wireguard_privatekey.age b/hosts/aptos/secrets/wireguard_privatekey.age
deleted file mode 100644
index 9432fec..0000000
--- a/hosts/aptos/secrets/wireguard_privatekey.age
+++ /dev/null
@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> X25519 cF4f+dR4+vxS/hQd1WoZZunRirr35gR1fYVWuh1nwQE
-UY5m7yloCfck7OVVliGX68zxh0QuvTSv7nxlnC5m1B4
--> X25519 zxKJdMAMaZ5aCwyJMm+pqM/11yMus75bjfou0pzGTgA
-PedPmd2sI7rY8QETLY50IaFFeeS+IHewRpk8NX/MiRw
--> X25519 Hz9sZ8VVQ8Mg8cksHMzn+V1NRMcahjIrq+n0LKnHhmw
-okLZa9YEQ8y3kRB0nQwtMx4OA9dIOYRt+E3O3BOkteA
--> BG8F-grease
-3+ZxToXbRMhNaEH0KPXOEizBGesGGPTxVlGyHEnMJH63XdYk9DRiTfxt/FmN/K70
-LX+XL+LFIphYxtU2JZgFDdmpsH0
---- vYsrZk3u29yzp9f8mTYPQn8Eie7xWYTq0Kh3Wp6MEaI
-LWD`ʬx2,zm+W908əhVXU*l_$lۓ}]EӣVIC
\ No newline at end of file
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
deleted file mode 100644
index 67c768b..0000000
--- a/hosts/carmel/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ self, ... }:
-
-{
-  imports = [
-    ./hardware.nix
-    ./networking.nix
-    ./services.nix
-    "${self}/profiles/server.nix"
-    "${self}/profiles/hardware/amd.nix"
-    "${self}/profiles/nginx.nix"
-    "${self}/profiles/router.nix"
-    "${self}/profiles/monitoring/exporter.nix"
-    "${self}/profiles/monitoring/promtail.nix"
-  ];
-
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
-
-  services.avahi = {
-    enable = true;
-    # Important to resolve .local domains of printers, otherwise you get an error
-    # like  "Impossible to connect to XXX.local: Name or service not known"
-    nssmdns = true;
-    reflector = true;
-    interfaces = [ "mgmt0" "iot" ];
-    openFirewall = true;
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
-}
diff --git a/hosts/carmel/hardware.nix b/hosts/carmel/hardware.nix
deleted file mode 100644
index 44f46ae..0000000
--- a/hosts/carmel/hardware.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/88b61fbd-a74e-4458-bf2e-65721bb06497";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot/efi" =
-    {
-      device = "/dev/disk/by-uuid/779F-4030";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-}
diff --git a/hosts/carmel/home.nix b/hosts/carmel/home.nix
deleted file mode 100644
index 6fb5fc2..0000000
--- a/hosts/carmel/home.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ self, ... }: {
-
-  imports = [
-    "${self}/home/modules/home.nixhome"
-  ];
-}
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
deleted file mode 100644
index 99c9796..0000000
--- a/hosts/carmel/networking.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{ lib, ... }:
-let
-  ethLink = (name:
-    (mac: {
-      matchConfig = {
-        Type = "ether";
-        MACAddress = mac;
-      };
-      linkConfig.Name = name;
-    }));
-
-  vlanNetdev = (name:
-    (id: {
-      netdevConfig = {
-        Name = name;
-        Kind = "vlan";
-      };
-      vlanConfig.Id = id;
-    }));
-
-  vlanNetwork = (name:
-    (id: {
-      matchConfig.Name = name;
-
-      # Embed ID directly in IPv4 address for clarity.
-      address = [ "192.168.${toString id}.1/24" ];
-    }));
-in
-{
-  systemd.network = {
-    enable = true;
-
-    links."10-wan0" = ethLink "wan0" "a8:a1:59:43:95:36";
-    networks."10-wan0" = {
-      matchConfig.Name = "wan0";
-      networkConfig.DHCP = "ipv4";
-      dhcpV4Config = {
-        UseDNS = true;
-        UseDomains = true;
-
-        # Don't release IPv4 address on restart/reboots
-        SendRelease = false;
-      };
-    };
-
-    links."15-mgmt0" = ethLink "mgmt0" "a0:36:9f:fa:5d:6c";
-    networks."15-mgmt0" = {
-      matchConfig.Name = "mgmt0";
-      address = [ "192.168.0.1/24" ];
-      vlan = [ "iot" "guest" ];
-      networkConfig = {
-        DHCP = "no";
-        Domains = "home";
-      };
-    };
-
-    # unused interface
-    links."16-mgmt1" = ethLink "mgmt1" "a0:36:9f:fa:5d:6d";
-
-    # IoT VLAN.
-    netdevs."25-iot" = vlanNetdev "iot" 10;
-    networks."25-iot" = vlanNetwork "iot" 10;
-
-    # Guest VLAN.
-    netdevs."30-guest" = vlanNetdev "guest" 20;
-    networks."30-guest" = vlanNetwork "guest" 20;
-
-    # ignore these interfaces, as they are not used
-    wait-online.ignoredInterfaces = [ "mgmt1" "wlp8s0" ];
-  };
-
-  # don't use systemd-resolved on the router
-  services.resolved.enable = false;
-
-  networking.hostName = "carmel";
-  networking.useDHCP = false;
-
-  networking.firewall = {
-    enable = true;
-    allowPing = true;
-    # If rejectPackets = true, refused packets are rejected rather than dropped (ignored). This
-    # means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST
-    # packet in case of an existing connection). Rejecting packets makes port scanning somewhat
-    # easier.
-    rejectPackets = false;
-
-    trustedInterfaces = [ "mgmt0" "iot" "guest" "wg0" ];
-
-    logRefusedConnections = true;
-    logRefusedPackets = false;
-    logReversePathDrops = true;
-
-    interfaces = {
-      "wan0" = {
-        allowedTCPPorts = [
-          22 # ssh
-          51413 # transmission
-        ];
-        allowedUDPPorts = [
-          35947 # wireguard
-          51413 # transmission
-        ];
-      };
-    };
-  };
-
-  networking.nat = {
-    enable = true;
-    externalInterface = "wan0";
-    internalInterfaces = [ "mgmt0" "guest" "iot" ];
-  };
-
-  networking.private-wireguard.enable = true;
-}
diff --git a/hosts/carmel/secrets/secrets.nix b/hosts/carmel/secrets/secrets.nix
deleted file mode 100644
index c6f0b35..0000000
--- a/hosts/carmel/secrets/secrets.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-let
-  root = "age1ey5kk4hufygu7wuw4p6dmtxaem08lshuk4p9nj0sw7ynh0lexvrsnudehr";
-  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
-  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
-  all = [ root fcuny backup ];
-in
-{
-  "wireguard_privatekey.age".publicKeys = all;
-}
diff --git a/hosts/carmel/secrets/wireguard_privatekey.age b/hosts/carmel/secrets/wireguard_privatekey.age
deleted file mode 100644
index 09c9b6a..0000000
--- a/hosts/carmel/secrets/wireguard_privatekey.age
+++ /dev/null
@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> X25519 FPkiLvi9JeC3vBiE8cEkaTCVbUsGkhabsAe3aGjXQgU
-xiMkThXk5jqHpDBRvTfdBaTcp8onJxvT7aANkvgjTbE
--> X25519 oZwPWtnuEOFquxzbvNeO8kj5qhRhZGhncjqh1MpQRH8
-qORK1U5x5WIDqHN54m+mAgTVehF35QYoOF1/HRT07os
--> X25519 6qSLagkBc18qhavfkTlCl17ADvVyWeTKMEUZCIqwaXk
-cXuJK0dr3+Vov3agaJDA0o+OEs0fFLaHapNBo9GvHx0
--> J-grease ~`?4bjZ T9vNE:D N 1$3hAU[
-sMR56U11qdo+L37M02hD/EC6cJKrCaQZc8N2v+I8uXPvPHhRDHp8lQQBmSfyPaG6
-VaenaaWt+hH37CxKv0yJM7PcnHdTI2GshQ3MiWkfWrDlW8B6
---- 9X5ZgTvWnS9+Z94gRRN2iyDFrixCC9lpFbhhTxnHOOA
-Za
-A}}%YGVU;@ΰ{eVEmŁa	&!q;uB[¸<
\ No newline at end of file
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
deleted file mode 100644
index 6694950..0000000
--- a/hosts/carmel/services.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }: {
-  services.nginx = {
-    streamConfig = ''
-      server {
-        listen 443;
-        proxy_timeout 2s;
-        proxy_pass 192.168.6.40:443;
-      }
-
-      server {
-        listen 80 reuseport;
-        proxy_timeout 2s;
-        proxy_pass 192.168.6.40:80;
-      }
-    '';
-  };
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/hosts/tahoe/boot.nix b/hosts/tahoe/boot.nix
deleted file mode 100644
index 89bd672..0000000
--- a/hosts/tahoe/boot.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, ... }:
-
-{
-  boot = {
-    kernelParams = [
-      # get an IP address on boot, so we can unlock the root disk remotely
-      "ip=dhcp"
-      # rotate the screen 90 degree counter clockwise
-      "fbcon=rotate:1"
-    ];
-    initrd = {
-      # driver for the NIC, required in order to get an IP address
-      kernelModules = [ "r8169" ];
-      network = {
-        enable = true;
-        postCommands = ''
-          echo "cryptsetup-askpass; exit" > /root/.profile
-        '';
-        ssh = {
-          enable = true;
-          port = 2222;
-          hostKeys =
-            [ /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key ];
-          authorizedKeys =
-            config.users.users.fcuny.openssh.authorizedKeys.keys;
-        };
-      };
-    };
-  };
-}
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
deleted file mode 100644
index 0f955f9..0000000
--- a/hosts/tahoe/default.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, pkgs, hostname, lib, self, ... }:
-let
-  secrets = config.age.secrets;
-in
-{
-  imports = [
-    ./boot.nix
-    ./hardware.nix
-    ./services.nix
-    "${self}/profiles/btrfs.nix"
-    "${self}/profiles/nas.nix"
-    "${self}/profiles/acme.nix"
-    "${self}/profiles/nginx.nix"
-    "${self}/profiles/samba.nix"
-    "${self}/profiles/backup.nix"
-    "${self}/profiles/git-server.nix"
-    "${self}/profiles/music-server.nix"
-    "${self}/profiles/hardware/amd.nix"
-    "${self}/profiles/monitoring/exporter.nix"
-  ];
-
-  # Use systemd-networkd for networking
-  systemd.network.enable = true;
-  systemd.network.networks.enp42s0 = {
-    matchConfig.Name = "enp42s0";
-    networkConfig.DHCP = "yes";
-    dhcpV4Config = {
-      UseDNS = "yes";
-      UseDomains = "yes";
-    };
-  };
-
-  systemd.network.networks.enp33s0f1 = {
-    matchConfig.Name = "enp33s0f1";
-    networkConfig.DHCP = "yes";
-    dhcpV4Config = {
-      UseDNS = "yes";
-      UseDomains = "yes";
-    };
-  };
-
-  networking.useNetworkd = true;
-  networking.useDHCP = false;
-  networking.firewall.enable = false;
-  networking.private-wireguard.enable = true;
-
-  services.nscd.enable = false;
-  system.nssModules = lib.mkForce [ ];
-
-  my.services.backup = {
-    enable = true;
-    repository = "/data/slow/backups/hosts/${config.networking.hostName}";
-    timerConfig = { OnCalendar = "00:15"; };
-    passwordFile = secrets."restic/repo-systems".path;
-    paths =
-      [
-        "/data/fast/music"
-        "/data/fast/photos"
-        "/home/fcuny/documents"
-        "/home/fcuny/workspace"
-        "/home/fcuny/media"
-      ];
-    exclude = [ ];
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
-}
diff --git a/hosts/tahoe/hardware.nix b/hosts/tahoe/hardware.nix
deleted file mode 100644
index 5f14ab6..0000000
--- a/hosts/tahoe/hardware.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
-    fsType = "btrfs";
-    options = [ "subvol=nixos" ];
-  };
-
-  boot.initrd.luks.devices."system".allowDiscards = true;
-  boot.initrd.luks.devices."system".device =
-    "/dev/disk/by-uuid/0d11e090-d88f-4313-8a41-8ef52eea0870";
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
-    fsType = "btrfs";
-    options = [ "subvol=home" ];
-  };
-
-  fileSystems."/.snapshots" = {
-    device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
-    fsType = "btrfs";
-    options = [ "subvol=snapshots" ];
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/CBB9-B788";
-    fsType = "vfat";
-  };
-
-  fileSystems."/data/fast" = {
-    device = "/dev/disk/by-uuid/b9290b55-8ff6-4bd0-843d-a9e6f7a4df59";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices."raid-fast".device =
-    "/dev/disk/by-id/md-name-nixos:fast";
-
-  fileSystems."/data/slow" = {
-    device = "/dev/disk/by-uuid/0f16db51-0ee7-48d8-9e48-653b85ecbf0a";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices."raid-slow".device =
-    "/dev/disk/by-id/md-name-nixos:slow";
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/0f54b5ab-4fca-4c5a-a9eb-622553145163"; }];
-}
diff --git a/hosts/tahoe/home.nix b/hosts/tahoe/home.nix
deleted file mode 100644
index 9177e59..0000000
--- a/hosts/tahoe/home.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, self, ... }:
-
-{
-  imports = [
-    "${self}/home/profiles/home.nix"
-    "${self}/home/profiles/nas.nix"
-  ];
-}
diff --git a/hosts/tahoe/secrets/acme/credentials.age b/hosts/tahoe/secrets/acme/credentials.age
deleted file mode 100644
index 62f2d8e..0000000
--- a/hosts/tahoe/secrets/acme/credentials.age
+++ /dev/null
@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> X25519 I1SRmXG3GfJFAaDuRFGBemlt2hgJZXgZVPcde35p9wU
-2A2DJQAtKk6oKMA0vVkyYI0+xgrXAQs5iwlCTeWONNM
--> X25519 ynhAKOCdwDX+vGmQZeHiUNsXWBg44ngl15kONGIgIBs
-RKIKJ+1bRdHcGt2dItang021tvwMtlyYYj/ho49tsao
--> X25519 7HjxRbuBB4JzR0OGOd6oWG4NOz33NkbgI/dOQAwxoTs
-a1mIT+Eoxcxr5Za0t3E85y983qCRUKRR/Df/m0qDp6M
--> *.ZS)?-grease # s5)@_oL
-Px5WZ6pr5T9P+HQLBfThzAneTtDKEMxOUQ
---- M3B2AdTnZ6Cv9CG2IknMfUgonbYzhVQNCFPJUbvUfk8
-j/tnjPׇ!yOZ+>o'yAK1F<4%R4BQ
JN[>SNBDcVScc:1@4OxÊLB
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/acme/gcp_service_account.json.age b/hosts/tahoe/secrets/acme/gcp_service_account.json.age
deleted file mode 100644
index 861220a..0000000
--- a/hosts/tahoe/secrets/acme/gcp_service_account.json.age
+++ /dev/null
Binary files differ
diff --git a/hosts/tahoe/secrets/gandi/apikey.age b/hosts/tahoe/secrets/gandi/apikey.age
deleted file mode 100644
index 3f35522..0000000
--- a/hosts/tahoe/secrets/gandi/apikey.age
+++ /dev/null
@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> X25519 jMYhTKmWi5riTgT9QQVOlzlIegqM1MI2QtJbOonsL2E
-bM9xqcJc41bKs0as9lIQQQGZhB5cmaZtO1fHCsrMR9M
--> X25519 3xMvuIuRGXBp/gbv+aZpjkp6wLw6hyRAqBIe/Pf+Szo
-2X45mDvLNcDOntT4JgZUFHpnlShm3UYv7gCpHGaj4Fo
--> X25519 xemfO0+4pS8WG/7QoIIqULZ/xN+C0l+LbBgv4QIdcQU
-VfoMT93/3hTZdPo4ALCaEZrIO3bHhsoxCwf6DyXPwvI
--> s06@-grease .@\9Og@9 7yCI nS'`(65/
-W1seHOnAnPFF8BB6uqQKv8JwpmoNCU93i06VtxuuHiaeGrlXNPiF0ikD/mysdA
---- dpDFFk5ZPUwQZp96fpS85eZCVELD4GB1uwl/8ev5moA
-⇼?Zu>x3d[sLٵ)|[z1#cѨ3BHLw҂]$.
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/restic/repo-systems.age b/hosts/tahoe/secrets/restic/repo-systems.age
deleted file mode 100644
index e3e975e..0000000
--- a/hosts/tahoe/secrets/restic/repo-systems.age
+++ /dev/null
@@ -1,14 +0,0 @@
-age-encryption.org/v1
--> X25519 9ic8vm8qcpzWoqMDi6eN1dIM8v8ENzdrU9ef/hYptgo
-vRrH93V+KVEfjWcZGTO4jvuE9vItKs2JC0LoXmEo5J0
--> X25519 oKF2qEVOVa1FvaiAmm+8poCTM6TCNkAkKlu9LjdnPQY
-sJAs8bVoJKWyO1doUkY7Ppky3Q8u3JMP99Pcwtcwrk8
--> X25519 5jPqZeXJPZVD6YEkF/JuLyZDc1z6dOfkNTXV6w1R62M
-fZKW+cqYJBAcA2H0mDGsKFaAMbdHe8p7hF+y1IjobVs
--> /-grease zG>:_b
-rUaFTPq15hon1gmx7J0IGytSHoqQceYGL2XB6h00RdWZuanXZI1F2hWbEvgWFIqB
-xXxPJ4Le
---- wrrYjOQ0i4YtHfNs2g594CFVLTAKfMRJCptxZ12YkYM
->襝%@xV1sJ`'C
-6/b֖xVؠW(
-,8
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/rsync.net/ssh-key.age b/hosts/tahoe/secrets/rsync.net/ssh-key.age
deleted file mode 100644
index d7c721a..0000000
--- a/hosts/tahoe/secrets/rsync.net/ssh-key.age
+++ /dev/null
Binary files differ
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
deleted file mode 100644
index d8283fe..0000000
--- a/hosts/tahoe/secrets/secrets.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-let
-  root = "age1nxwgdy3p9fft0zsae440wyulknf5rk82s0wnxssrpxu4nezysa4qexcvpl";
-  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
-  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
-  all = [ root fcuny backup ];
-in
-{
-  "wireguard_privatekey.age".publicKeys = all;
-
-  "acme/credentials.age".publicKeys = all;
-  "acme/gcp_service_account.json.age" = {
-    publicKeys = all;
-    owner = "acme";
-  };
-
-  "syncthing/key.age" = {
-    publicKeys = all;
-    owner = "fcuny";
-  };
-
-  "syncthing/cert.age" = {
-    publicKeys = all;
-    owner = "fcuny";
-  };
-
-  "unifi/unifi-poller.age" = {
-    publicKeys = all;
-    owner = "unpoller-exporter";
-  };
-
-  "gandi/apikey.age" = {
-    publicKeys = all;
-    owner = "acme";
-  };
-
-  "restic/repo-systems.age".publicKeys = all;
-  "rsync.net/ssh-key.age".publicKeys = all;
-}
diff --git a/hosts/tahoe/secrets/sendsms/config.age b/hosts/tahoe/secrets/sendsms/config.age
deleted file mode 100644
index ecc0845..0000000
--- a/hosts/tahoe/secrets/sendsms/config.age
+++ /dev/null
@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> X25519 Zjg3+y6mTEnsr8yCDyLBk+Z6QlSzHey7zndDYTaMfG4
-iXuA53MwZevEyGaYXQU1tzh14A5YCKpA2yJjFNggkOA
--> X25519 FIxTPWtuK2265U+tv/lxypDny+WqPTYlbAcv9FXrzjg
-0Xj8azxb+63MyopqX/cedwsvtFNeQdoyhUmiUjZiK40
--> X25519 ev4WoBl4Jot56FFz/8D+sVThLVE2x2ZN41WVWESP0yk
-vPW/CPecXPoYy9DrbhHkg030TCspZlRyK3x8vHcK5JI
--> a-grease if{suxQ- 9Ls &_~KF%=
-dkuZH7Yp/LW7XONo9KhJ1RLUVUgH0IrIs/+6y6RfIxUTqQcMU2o
---- ddHv1vU3hd13grUfTVlbut4JBRt1RVT2oU6HXKlOBDU
-~Tk<$U;$k俸Bg̘h	ʐ
-~[x(74TpݿUu%7RkPt.¡=iUHg
K!jCl U6ax<t3>8ҋeaE#o?yV8u,yH6<i‘>=m
\*f(m2R'B8[p(q
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/syncthing/cert.age b/hosts/tahoe/secrets/syncthing/cert.age
deleted file mode 100644
index cbc59bd..0000000
--- a/hosts/tahoe/secrets/syncthing/cert.age
+++ /dev/null
Binary files differ
diff --git a/hosts/tahoe/secrets/syncthing/key.age b/hosts/tahoe/secrets/syncthing/key.age
deleted file mode 100644
index d8f21e1..0000000
--- a/hosts/tahoe/secrets/syncthing/key.age
+++ /dev/null
@@ -1,14 +0,0 @@
-age-encryption.org/v1
--> X25519 Y52YsCYjJDZKhCIu+7kTs6jxJjwW6m84yTFX58jyt34
-4GHnB54xrAVyU0oxZhl+wnL296HA4AXPmMRzuZmOGkA
--> X25519 vKd7jTrBShvHFFY67+xooWxDtmNYbc2Fh2G/cYV0tmo
-CWBEcJTVuHZy9tSIcq7RSQKhvEmcJr6CT1T36e2//D0
--> X25519 tq3r1Zdz7QJdHjE8ly9Uzw54jkAyq63D6iw2JXpUDWk
-ktxqJh7S1kH47G77mUB31IKrY8eHpW9huRVOoxPPOd4
--> -pi[:-grease zVwevS
-mO8
---- EBzdJICAmJmFzQ1pqU1eyGLBBcYc4DMqAgxJq25/hzg
-SW Eo96GcC
-?}d`:֟tu왾xRvmS:0Ŷa^zS
-J`{o oUtfTA,tLߐsOCyPg5O4(R ;`qksnT_d3AG[lAϪifsa	ҙEVsPr:bṆoƺ3pɪ(:.Lc}46<m*trM l>VV!:

--rG$YM7X}ljrL4zb24z
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/unifi/unifi-poller.age b/hosts/tahoe/secrets/unifi/unifi-poller.age
deleted file mode 100644
index 0bba247..0000000
--- a/hosts/tahoe/secrets/unifi/unifi-poller.age
+++ /dev/null
Binary files differ
diff --git a/hosts/tahoe/secrets/wireguard_privatekey.age b/hosts/tahoe/secrets/wireguard_privatekey.age
deleted file mode 100644
index f08c7aa..0000000
--- a/hosts/tahoe/secrets/wireguard_privatekey.age
+++ /dev/null
@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> X25519 eyw1uK0XuDb6Iaq8pY4VUQNbEKSmj2JltoXIlqUWsn8
-ZzfbNdgoYIvWSeLNyUoitEFvueZiPlYUrsLJzGlUp30
--> X25519 WcbSf4EMR2Bhn1lkkvGlb6NFG3vdVp/KOSO7m4dLRAc
-3rNJ7W5idYYpNr1pavUeGtfT30whV+b2htBjQSE3jlc
--> X25519 v5INWoeE7B+cdBuOWGkJ6qITX4O0cuLPEZjFV7JpEXE
-D9sbaowN+HsnjVW3qyLiO2XeXudFT0BlFtUAaz1oWxE
--> x-grease x
-CQMrW2t0tVTjuvj+otbdZS/sxUGHDqDoyMVyAkVYhOfpxm8lZCVVlwXPhe6HEufB
-oSG6QFkJ8BrPIKn2XA
---- /XVESiNkDBYD0NYoXQhomrWbAC7RufQusQ9lAj8Jgzs
-$?i1-*W<9i)thXK9XsE#PX$ 8QqfFozqgr^}
\ No newline at end of file
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
deleted file mode 100644
index 1159cb1..0000000
--- a/hosts/tahoe/services.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ self, config, ... }:
-let secrets = config.age.secrets;
-in
-{
-  # this unit is broken and useless. I don't know how to not install
-  # it, so let's mask it.
-  systemd.services.mdmonitor.enable = false;
-
-  my.services = {
-    monitoring = {
-      prometheus = {
-        enable = true;
-        listenAddress = "192.168.6.40";
-      };
-      grafana = {
-        enable = true;
-        vhostName = "dash.${config.homelab.domain}";
-      };
-    };
-  };
-}