about summary refs log tree commit diff
path: root/hosts/carmel
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2023-12-08 09:00:57 -0800
committerFranck Cuny <franck@fcuny.net>2023-12-08 09:00:57 -0800
commit7ff5c2e346a8efeba0c27f473271d8298a1266c2 (patch)
treea536441a137be3d6122b4d8a247db76f9cd8d12a /hosts/carmel
parentbuild(deps): bump cachix/install-nix-action from 23 to 24 (diff)
downloadworld-7ff5c2e346a8efeba0c27f473271d8298a1266c2.tar.gz
delete configuration for old machines
These machines are gone, no need to keep the configuration around.
Diffstat (limited to 'hosts/carmel')
-rw-r--r--hosts/carmel/default.nix35
-rw-r--r--hosts/carmel/hardware.nix26
-rw-r--r--hosts/carmel/home.nix6
-rw-r--r--hosts/carmel/networking.nix114
-rw-r--r--hosts/carmel/secrets/secrets.nix9
-rw-r--r--hosts/carmel/secrets/wireguard_privatekey.age13
-rw-r--r--hosts/carmel/services.nix18
7 files changed, 0 insertions, 221 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
deleted file mode 100644
index 67c768b..0000000
--- a/hosts/carmel/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ self, ... }:
-
-{
-  imports = [
-    ./hardware.nix
-    ./networking.nix
-    ./services.nix
-    "${self}/profiles/server.nix"
-    "${self}/profiles/hardware/amd.nix"
-    "${self}/profiles/nginx.nix"
-    "${self}/profiles/router.nix"
-    "${self}/profiles/monitoring/exporter.nix"
-    "${self}/profiles/monitoring/promtail.nix"
-  ];
-
-  boot.loader.efi.efiSysMountPoint = "/boot/efi";
-
-  services.avahi = {
-    enable = true;
-    # Important to resolve .local domains of printers, otherwise you get an error
-    # like  "Impossible to connect to XXX.local: Name or service not known"
-    nssmdns = true;
-    reflector = true;
-    interfaces = [ "mgmt0" "iot" ];
-    openFirewall = true;
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
-}
diff --git a/hosts/carmel/hardware.nix b/hosts/carmel/hardware.nix
deleted file mode 100644
index 44f46ae..0000000
--- a/hosts/carmel/hardware.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/88b61fbd-a74e-4458-bf2e-65721bb06497";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot/efi" =
-    {
-      device = "/dev/disk/by-uuid/779F-4030";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-}
diff --git a/hosts/carmel/home.nix b/hosts/carmel/home.nix
deleted file mode 100644
index 6fb5fc2..0000000
--- a/hosts/carmel/home.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ self, ... }: {
-
-  imports = [
-    "${self}/home/modules/home.nixhome"
-  ];
-}
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
deleted file mode 100644
index 99c9796..0000000
--- a/hosts/carmel/networking.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{ lib, ... }:
-let
-  ethLink = (name:
-    (mac: {
-      matchConfig = {
-        Type = "ether";
-        MACAddress = mac;
-      };
-      linkConfig.Name = name;
-    }));
-
-  vlanNetdev = (name:
-    (id: {
-      netdevConfig = {
-        Name = name;
-        Kind = "vlan";
-      };
-      vlanConfig.Id = id;
-    }));
-
-  vlanNetwork = (name:
-    (id: {
-      matchConfig.Name = name;
-
-      # Embed ID directly in IPv4 address for clarity.
-      address = [ "192.168.${toString id}.1/24" ];
-    }));
-in
-{
-  systemd.network = {
-    enable = true;
-
-    links."10-wan0" = ethLink "wan0" "a8:a1:59:43:95:36";
-    networks."10-wan0" = {
-      matchConfig.Name = "wan0";
-      networkConfig.DHCP = "ipv4";
-      dhcpV4Config = {
-        UseDNS = true;
-        UseDomains = true;
-
-        # Don't release IPv4 address on restart/reboots
-        SendRelease = false;
-      };
-    };
-
-    links."15-mgmt0" = ethLink "mgmt0" "a0:36:9f:fa:5d:6c";
-    networks."15-mgmt0" = {
-      matchConfig.Name = "mgmt0";
-      address = [ "192.168.0.1/24" ];
-      vlan = [ "iot" "guest" ];
-      networkConfig = {
-        DHCP = "no";
-        Domains = "home";
-      };
-    };
-
-    # unused interface
-    links."16-mgmt1" = ethLink "mgmt1" "a0:36:9f:fa:5d:6d";
-
-    # IoT VLAN.
-    netdevs."25-iot" = vlanNetdev "iot" 10;
-    networks."25-iot" = vlanNetwork "iot" 10;
-
-    # Guest VLAN.
-    netdevs."30-guest" = vlanNetdev "guest" 20;
-    networks."30-guest" = vlanNetwork "guest" 20;
-
-    # ignore these interfaces, as they are not used
-    wait-online.ignoredInterfaces = [ "mgmt1" "wlp8s0" ];
-  };
-
-  # don't use systemd-resolved on the router
-  services.resolved.enable = false;
-
-  networking.hostName = "carmel";
-  networking.useDHCP = false;
-
-  networking.firewall = {
-    enable = true;
-    allowPing = true;
-    # If rejectPackets = true, refused packets are rejected rather than dropped (ignored). This
-    # means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST
-    # packet in case of an existing connection). Rejecting packets makes port scanning somewhat
-    # easier.
-    rejectPackets = false;
-
-    trustedInterfaces = [ "mgmt0" "iot" "guest" "wg0" ];
-
-    logRefusedConnections = true;
-    logRefusedPackets = false;
-    logReversePathDrops = true;
-
-    interfaces = {
-      "wan0" = {
-        allowedTCPPorts = [
-          22 # ssh
-          51413 # transmission
-        ];
-        allowedUDPPorts = [
-          35947 # wireguard
-          51413 # transmission
-        ];
-      };
-    };
-  };
-
-  networking.nat = {
-    enable = true;
-    externalInterface = "wan0";
-    internalInterfaces = [ "mgmt0" "guest" "iot" ];
-  };
-
-  networking.private-wireguard.enable = true;
-}
diff --git a/hosts/carmel/secrets/secrets.nix b/hosts/carmel/secrets/secrets.nix
deleted file mode 100644
index c6f0b35..0000000
--- a/hosts/carmel/secrets/secrets.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-let
-  root = "age1ey5kk4hufygu7wuw4p6dmtxaem08lshuk4p9nj0sw7ynh0lexvrsnudehr";
-  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
-  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
-  all = [ root fcuny backup ];
-in
-{
-  "wireguard_privatekey.age".publicKeys = all;
-}
diff --git a/hosts/carmel/secrets/wireguard_privatekey.age b/hosts/carmel/secrets/wireguard_privatekey.age
deleted file mode 100644
index 09c9b6a..0000000
--- a/hosts/carmel/secrets/wireguard_privatekey.age
+++ /dev/null
@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> X25519 FPkiLvi9JeC3vBiE8cEkaTCVbUsGkhabsAe3aGjXQgU
-xiMkThXk5jqHpDBRvTfdBaTcp8onJxvT7aANkvgjTbE
--> X25519 oZwPWtnuEOFquxzbvNeO8kj5qhRhZGhncjqh1MpQRH8
-qORK1U5x5WIDqHN54m+mAgTVehF35QYoOF1/HRT07os
--> X25519 6qSLagkBc18qhavfkTlCl17ADvVyWeTKMEUZCIqwaXk
-cXuJK0dr3+Vov3agaJDA0o+OEs0fFLaHapNBo9GvHx0
--> J-grease ~`?4bjZ T9vNE:D N 1$3hAU[
-sMR56U11qdo+L37M02hD/EC6cJKrCaQZc8N2v+I8uXPvPHhRDHp8lQQBmSfyPaG6
-VaenaaWt+hH37CxKv0yJM7PcnHdTI2GshQ3MiWkfWrDlW8B6
---- 9X5ZgTvWnS9+Z94gRRN2iyDFrixCC9lpFbhhTxnHOOA
-Za
-A}}%YGVU;@ΰ{eVEmŁa	&!q;uB[¸<
\ No newline at end of file
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
deleted file mode 100644
index 6694950..0000000
--- a/hosts/carmel/services.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }: {
-  services.nginx = {
-    streamConfig = ''
-      server {
-        listen 443;
-        proxy_timeout 2s;
-        proxy_pass 192.168.6.40:443;
-      }
-
-      server {
-        listen 80 reuseport;
-        proxy_timeout 2s;
-        proxy_pass 192.168.6.40:80;
-      }
-    '';
-  };
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-}