32 files changed, 0 insertions, 680 deletions
diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix
deleted file mode 100644
index 863e995..0000000
--- a/hosts/aptos/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ self, config, lib, ... }:
-let
- secrets = config.age.secrets;
- ssh-key-path = secrets."restic/ssh-key".path;
-in
-{
- imports = [
- ./hardware.nix
- "${self}/profiles/btrfs.nix"
- "${self}/profiles/documentation.nix"
- "${self}/profiles/laptop.nix"
- "${self}/profiles/syncthing.nix"
- "${self}/profiles/hardware/xps9300.nix"
- ];
-
- # Use systemd-networkd for networking
- systemd.network.enable = true;
- systemd.network.networks.wlan0 = {
- matchConfig.Name = "wlan0";
- networkConfig.DHCP = "yes";
- dhcpV4Config = {
- UseDNS = "yes";
- UseDomains = "yes";
- };
- };
-
- networking.useNetworkd = true;
- networking.useDHCP = false;
- networking.private-wireguard.enable = true;
-
- services.nscd.enable = false;
- system.nssModules = lib.mkForce [ ];
-
- my.services.backup = {
- enable = true;
- repository = "sftp:192.168.6.40:/${config.networking.hostName}";
- exclude = [
- # paths that I don't want to backup
- "/home/fcuny/workspace/tmp"
-
- # various development related files
- "**/target"
- "**/.direnv"
- "**/result"
- ];
- timerConfig = { OnCalendar = "06:30"; };
- passwordFile = secrets."restic/repo-users".path;
- extraOptions = [
- "sftp.command='ssh backup@192.168.6.40 -i ${ssh-key-path} -s sftp'"
- ];
- paths = [
- "/home/fcuny/workspace"
- "/home/fcuny/media"
- "/home/fcuny/documents"
- ];
- };
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.05"; # Did you read the comment?
-}
diff --git a/hosts/aptos/hardware.nix b/hosts/aptos/hardware.nix
deleted file mode 100644
index 01e2a96..0000000
--- a/hosts/aptos/hardware.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
- fsType = "btrfs";
- options = [ "subvol=nixos" ];
- };
-
- boot.initrd.luks.devices."system".allowDiscards = true;
- boot.initrd.luks.devices."system".device =
- "/dev/disk/by-uuid/c83a8db7-4215-4864-8a46-b8ca839d8c05";
-
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
- fsType = "btrfs";
- options = [ "subvol=home" ];
- };
-
- fileSystems."/.snapshots" = {
- device = "/dev/disk/by-uuid/292e07ac-4199-4a97-94a6-bd2fd2a9cf6a";
- fsType = "btrfs";
- options = [ "subvol=snapshots" ];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/42D9-6EA8";
- fsType = "vfat";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/24041034-ff39-44bf-a04c-8fd8318b554d"; }];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/hosts/aptos/home.nix b/hosts/aptos/home.nix
deleted file mode 100644
index e4ce2ec..0000000
--- a/hosts/aptos/home.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ self, ... }: {
- imports = [
- "${self}/home/profiles/home.nix"
- "${self}/home/profiles/workstation.nix"
- "${self}/home/profiles/sway.nix"
- "${self}/home/profiles/matrix.nix"
- ];
-}
diff --git a/hosts/aptos/secrets/restic/repo-users.age b/hosts/aptos/secrets/restic/repo-users.age
deleted file mode 100644
index d41fd40..0000000
--- a/hosts/aptos/secrets/restic/repo-users.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/restic/ssh-key.age b/hosts/aptos/secrets/restic/ssh-key.age
deleted file mode 100644
index 05024cf..0000000
--- a/hosts/aptos/secrets/restic/ssh-key.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
deleted file mode 100644
index 21aae44..0000000
--- a/hosts/aptos/secrets/secrets.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-let
- root = "age1g3hjfg8rsyaunsa63q73flxt0rnmqng5mvjk5qywsu0xjvuwq5rsmuxk35";
- fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
- backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
-in
-{
- "wireguard_privatekey.age".publicKeys = [ root fcuny backup ];
-
- "syncthing/key.age" = {
- publicKeys = [ root fcuny backup ];
- owner = "fcuny";
- };
-
- "syncthing/cert.age" = {
- publicKeys = [ root fcuny backup ];
- owner = "fcuny";
- };
-
- "restic/repo-users.age" = {
- publicKeys = [ root fcuny backup ];
- owner = "fcuny";
- };
-
- "restic/ssh-key.age" = {
- publicKeys = [ root fcuny backup ];
- owner = "fcuny";
- };
-}
diff --git a/hosts/aptos/secrets/syncthing/cert.age b/hosts/aptos/secrets/syncthing/cert.age
deleted file mode 100644
index 643c161..0000000
--- a/hosts/aptos/secrets/syncthing/cert.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/syncthing/key.age b/hosts/aptos/secrets/syncthing/key.age
deleted file mode 100644
index ccce5f9..0000000
--- a/hosts/aptos/secrets/syncthing/key.age
+++ /dev/null
Binary files differ
diff --git a/hosts/aptos/secrets/wireguard_privatekey.age b/hosts/aptos/secrets/wireguard_privatekey.age
deleted file mode 100644
index 9432fec..0000000
--- a/hosts/aptos/secrets/wireguard_privatekey.age
+++ /dev/null
@@ -1,12 +0,0 @@ -age-encryption.org/v1 --> X25519 cF4f+dR4+vxS/hQd1WoZZunRirr35gR1fYVWuh1nwQE -UY5m7yloCfck7OVVliGX68zxh0QuvTSv7nxlnC5m1B4 --> X25519 zxKJdMAMaZ5aCwyJMm+pqM/11yMus75bjfou0pzGTgA -PedPmd2sI7rY8QETLY50IaFFeeS+IHewRpk8NX/MiRw --> X25519 Hz9sZ8VVQ8Mg8cksHMzn+V1NRMcahjIrq+n0LKnHhmw -okLZa9YEQ8y3kRB0nQwtMx4OA9dIOYRt+E3O3BOkteA --> BG8F-grease -3+ZxToXbRMhNaEH0KPXOEizBGesGGPTxVlGyHEnMJH63XdYk9DRiTfxt/FmN/K70 -LX+XL+LFIphYxtU2JZgFDdmpsH0 ---- vYsrZk3u29yzp9f8mTYPQn8Eie7xWYTq0Kh3Wp6MEaI -LWD`ʬx2,zm+W908əhVXU*l_$lۓ}]EӣVIC \ No newline at end of file diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix deleted file mode 100644 index 67c768b..0000000 --- a/hosts/carmel/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ self, ... }: - -{ - imports = [ - ./hardware.nix - ./networking.nix - ./services.nix - "${self}/profiles/server.nix" - "${self}/profiles/hardware/amd.nix" - "${self}/profiles/nginx.nix" - "${self}/profiles/router.nix" - "${self}/profiles/monitoring/exporter.nix" - "${self}/profiles/monitoring/promtail.nix" - ]; - - boot.loader.efi.efiSysMountPoint = "/boot/efi"; - - services.avahi = { - enable = true; - # Important to resolve .local domains of printers, otherwise you get an error - # like "Impossible to connect to XXX.local: Name or service not known" - nssmdns = true; - reflector = true; - interfaces = [ "mgmt0" "iot" ]; - openFirewall = true; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.11"; # Did you read the comment? -} 
diff --git a/hosts/carmel/hardware.nix b/hosts/carmel/hardware.nix
deleted file mode 100644
index 44f46ae..0000000
--- a/hosts/carmel/hardware.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules =
- [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/88b61fbd-a74e-4458-bf2e-65721bb06497";
- fsType = "ext4";
- };
-
- fileSystems."/boot/efi" =
- {
- device = "/dev/disk/by-uuid/779F-4030";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-}
diff --git a/hosts/carmel/home.nix b/hosts/carmel/home.nix
deleted file mode 100644
index 6fb5fc2..0000000
--- a/hosts/carmel/home.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ self, ... }: {
-
- imports = [
- "${self}/home/modules/home.nixhome"
- ];
-}
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
deleted file mode 100644
index 99c9796..0000000
--- a/hosts/carmel/networking.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{ lib, ... }:
-let
- ethLink = (name:
- (mac: {
- matchConfig = {
- Type = "ether";
- MACAddress = mac;
- };
- linkConfig.Name = name;
- }));
-
- vlanNetdev = (name:
- (id: {
- netdevConfig = {
- Name = name;
- Kind = "vlan";
- };
- vlanConfig.Id = id;
- }));
-
- vlanNetwork = (name:
- (id: {
- matchConfig.Name = name;
-
- # Embed ID directly in IPv4 address for clarity.
- address = [ "192.168.${toString id}.1/24" ];
- }));
-in
-{
- systemd.network = {
- enable = true;
-
- links."10-wan0" = ethLink "wan0" "a8:a1:59:43:95:36";
- networks."10-wan0" = {
- matchConfig.Name = "wan0";
- networkConfig.DHCP = "ipv4";
- dhcpV4Config = {
- UseDNS = true;
- UseDomains = true;
-
- # Don't release IPv4 address on restart/reboots
- SendRelease = false;
- };
- };
-
- links."15-mgmt0" = ethLink "mgmt0" "a0:36:9f:fa:5d:6c";
- networks."15-mgmt0" = {
- matchConfig.Name = "mgmt0";
- address = [ "192.168.0.1/24" ];
- vlan = [ "iot" "guest" ];
- networkConfig = {
- DHCP = "no";
- Domains = "home";
- };
- };
-
- # unused interface
- links."16-mgmt1" = ethLink "mgmt1" "a0:36:9f:fa:5d:6d";
-
- # IoT VLAN.
- netdevs."25-iot" = vlanNetdev "iot" 10;
- networks."25-iot" = vlanNetwork "iot" 10;
-
- # Guest VLAN.
- netdevs."30-guest" = vlanNetdev "guest" 20;
- networks."30-guest" = vlanNetwork "guest" 20;
-
- # ignore these interfaces, as they are not used
- wait-online.ignoredInterfaces = [ "mgmt1" "wlp8s0" ];
- };
-
- # don't use systemd-resolved on the router
- services.resolved.enable = false;
-
- networking.hostName = "carmel";
- networking.useDHCP = false;
-
- networking.firewall = {
- enable = true;
- allowPing = true;
- # If rejectPackets = true, refused packets are rejected rather than dropped (ignored). This
- # means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST
- # packet in case of an existing connection). Rejecting packets makes port scanning somewhat
- # easier.
- rejectPackets = false; - - trustedInterfaces = [ "mgmt0" "iot" "guest" "wg0" ]; - - logRefusedConnections = true; - logRefusedPackets = false; - logReversePathDrops = true; - - interfaces = { - "wan0" = { - allowedTCPPorts = [ - 22 # ssh - 51413 # transmission - ]; - allowedUDPPorts = [ - 35947 # wireguard - 51413 # transmission - ]; - }; - }; - }; - - networking.nat = { - enable = true; - externalInterface = "wan0"; - internalInterfaces = [ "mgmt0" "guest" "iot" ]; - }; - - networking.private-wireguard.enable = true; -} diff --git a/hosts/carmel/secrets/secrets.nix b/hosts/carmel/secrets/secrets.nix deleted file mode 100644 index c6f0b35..0000000 --- a/hosts/carmel/secrets/secrets.nix +++ /dev/null @@ -1,9 +0,0 @@ -let - root = "age1ey5kk4hufygu7wuw4p6dmtxaem08lshuk4p9nj0sw7ynh0lexvrsnudehr"; - fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj"; - backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6"; - all = [ root fcuny backup ]; -in -{ - "wireguard_privatekey.age".publicKeys = all; -} diff --git a/hosts/carmel/secrets/wireguard_privatekey.age b/hosts/carmel/secrets/wireguard_privatekey.age deleted file mode 100644 index 09c9b6a..0000000 --- a/hosts/carmel/secrets/wireguard_privatekey.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> X25519 FPkiLvi9JeC3vBiE8cEkaTCVbUsGkhabsAe3aGjXQgU -xiMkThXk5jqHpDBRvTfdBaTcp8onJxvT7aANkvgjTbE --> X25519 oZwPWtnuEOFquxzbvNeO8kj5qhRhZGhncjqh1MpQRH8 -qORK1U5x5WIDqHN54m+mAgTVehF35QYoOF1/HRT07os --> X25519 6qSLagkBc18qhavfkTlCl17ADvVyWeTKMEUZCIqwaXk -cXuJK0dr3+Vov3agaJDA0o+OEs0fFLaHapNBo9GvHx0 --> J-grease ~`?4bjZ T9vNE:D N 1$3hAU[ -sMR56U11qdo+L37M02hD/EC6cJKrCaQZc8N2v+I8uXPvPHhRDHp8lQQBmSfyPaG6 -VaenaaWt+hH37CxKv0yJM7PcnHdTI2GshQ3MiWkfWrDlW8B6 ---- 9X5ZgTvWnS9+Z94gRRN2iyDFrixCC9lpFbhhTxnHOOA -Za -A}}%YGVU;@ΰ{eVEmŁa &!q;uB[¸< \ No newline at end of file diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix deleted file mode 100644 index 6694950..0000000 
--- a/hosts/carmel/services.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }: {
- services.nginx = {
- streamConfig = ''
- server {
- listen 443;
- proxy_timeout 2s;
- proxy_pass 192.168.6.40:443;
- }
-
- server {
- listen 80 reuseport;
- proxy_timeout 2s;
- proxy_pass 192.168.6.40:80;
- }
- '';
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-}
diff --git a/hosts/tahoe/boot.nix b/hosts/tahoe/boot.nix
deleted file mode 100644
index 89bd672..0000000
--- a/hosts/tahoe/boot.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, ... }:
-
-{
- boot = {
- kernelParams = [
- # get an IP address on boot, so we can unlock the root disk remotely
- "ip=dhcp"
- # rotate the screen 90 degree counter clockwise
- "fbcon=rotate:1"
- ];
- initrd = {
- # driver for the NIC, required in order to get an IP address
- kernelModules = [ "r8169" ];
- network = {
- enable = true;
- postCommands = ''
- echo "cryptsetup-askpass; exit" > /root/.profile
- '';
- ssh = {
- enable = true;
- port = 2222;
- hostKeys =
- [ /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key ];
- authorizedKeys =
- config.users.users.fcuny.openssh.authorizedKeys.keys;
- };
- };
- };
- };
-}
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
deleted file mode 100644
index 0f955f9..0000000
--- a/hosts/tahoe/default.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, pkgs, hostname, lib, self, ... }:
-let
- secrets = config.age.secrets;
-in
-{
- imports = [
- ./boot.nix
- ./hardware.nix
- ./services.nix
- "${self}/profiles/btrfs.nix"
- "${self}/profiles/nas.nix"
- "${self}/profiles/acme.nix"
- "${self}/profiles/nginx.nix"
- "${self}/profiles/samba.nix"
- "${self}/profiles/backup.nix"
- "${self}/profiles/git-server.nix"
- "${self}/profiles/music-server.nix"
- "${self}/profiles/hardware/amd.nix"
- "${self}/profiles/monitoring/exporter.nix"
- ];
-
- # Use systemd-networkd for networking
- systemd.network.enable = true;
- systemd.network.networks.enp42s0 = {
- matchConfig.Name = "enp42s0";
- networkConfig.DHCP = "yes";
- dhcpV4Config = {
- UseDNS = "yes";
- UseDomains = "yes";
- };
- };
-
- systemd.network.networks.enp33s0f1 = {
- matchConfig.Name = "enp33s0f1";
- networkConfig.DHCP = "yes";
- dhcpV4Config = {
- UseDNS = "yes";
- UseDomains = "yes";
- };
- };
-
- networking.useNetworkd = true;
- networking.useDHCP = false;
- networking.firewall.enable = false;
- networking.private-wireguard.enable = true;
-
- services.nscd.enable = false;
- system.nssModules = lib.mkForce [ ];
-
- my.services.backup = {
- enable = true;
- repository = "/data/slow/backups/hosts/${config.networking.hostName}";
- timerConfig = { OnCalendar = "00:15"; };
- passwordFile = secrets."restic/repo-systems".path;
- paths =
- [
- "/data/fast/music"
- "/data/fast/photos"
- "/home/fcuny/documents"
- "/home/fcuny/workspace"
- "/home/fcuny/media"
- ];
- exclude = [ ];
- };
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.11"; # Did you read the comment?
-}
diff --git a/hosts/tahoe/hardware.nix b/hosts/tahoe/hardware.nix
deleted file mode 100644
index 5f14ab6..0000000
--- a/hosts/tahoe/hardware.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
- fsType = "btrfs";
- options = [ "subvol=nixos" ];
- };
-
- boot.initrd.luks.devices."system".allowDiscards = true;
- boot.initrd.luks.devices."system".device =
- "/dev/disk/by-uuid/0d11e090-d88f-4313-8a41-8ef52eea0870";
-
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
- fsType = "btrfs";
- options = [ "subvol=home" ];
- };
-
- fileSystems."/.snapshots" = {
- device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
- fsType = "btrfs";
- options = [ "subvol=snapshots" ];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/CBB9-B788";
- fsType = "vfat";
- };
-
- fileSystems."/data/fast" = {
- device = "/dev/disk/by-uuid/b9290b55-8ff6-4bd0-843d-a9e6f7a4df59";
- fsType = "btrfs";
- };
-
- boot.initrd.luks.devices."raid-fast".device =
- "/dev/disk/by-id/md-name-nixos:fast";
-
- fileSystems."/data/slow" = {
- device = "/dev/disk/by-uuid/0f16db51-0ee7-48d8-9e48-653b85ecbf0a";
- fsType = "btrfs";
- };
-
- boot.initrd.luks.devices."raid-slow".device =
- "/dev/disk/by-id/md-name-nixos:slow";
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/0f54b5ab-4fca-4c5a-a9eb-622553145163"; }];
-}
diff --git a/hosts/tahoe/home.nix b/hosts/tahoe/home.nix deleted file mode 100644 index 9177e59..0000000 --- a/hosts/tahoe/home.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, self, ... }: - -{ - imports = [ - "${self}/home/profiles/home.nix" - "${self}/home/profiles/nas.nix" - ]; -} diff --git a/hosts/tahoe/secrets/acme/credentials.age b/hosts/tahoe/secrets/acme/credentials.age deleted file mode 100644 index 62f2d8e..0000000 --- a/hosts/tahoe/secrets/acme/credentials.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> X25519 I1SRmXG3GfJFAaDuRFGBemlt2hgJZXgZVPcde35p9wU -2A2DJQAtKk6oKMA0vVkyYI0+xgrXAQs5iwlCTeWONNM --> X25519 ynhAKOCdwDX+vGmQZeHiUNsXWBg44ngl15kONGIgIBs -RKIKJ+1bRdHcGt2dItang021tvwMtlyYYj/ho49tsao --> X25519 7HjxRbuBB4JzR0OGOd6oWG4NOz33NkbgI/dOQAwxoTs -a1mIT+Eoxcxr5Za0t3E85y983qCRUKRR/Df/m0qDp6M --> *.ZS)?-grease # s5)@_oL -Px5WZ6pr5T9P+HQLBfThzAneTtDKEMxOUQ ---- M3B2AdTnZ6Cv9CG2IknMfUgonbYzhVQNCFPJUbvUfk8 -j/tnjPׇ!yOZ+>o'yAK1F<4%R4BQ JN[>SNBDcVScc:1@4OxÊLB \ No newline at end of file diff --git a/hosts/tahoe/secrets/acme/gcp_service_account.json.age b/hosts/tahoe/secrets/acme/gcp_service_account.json.age deleted file mode 100644 index 861220a..0000000 --- a/hosts/tahoe/secrets/acme/gcp_service_account.json.age +++ /dev/null Binary files differdiff --git a/hosts/tahoe/secrets/gandi/apikey.age b/hosts/tahoe/secrets/gandi/apikey.age deleted file mode 100644 index 3f35522..0000000 --- a/hosts/tahoe/secrets/gandi/apikey.age +++ /dev/null 
@@ -1,11 +0,0 @@ -age-encryption.org/v1 --> X25519 jMYhTKmWi5riTgT9QQVOlzlIegqM1MI2QtJbOonsL2E -bM9xqcJc41bKs0as9lIQQQGZhB5cmaZtO1fHCsrMR9M --> X25519 3xMvuIuRGXBp/gbv+aZpjkp6wLw6hyRAqBIe/Pf+Szo -2X45mDvLNcDOntT4JgZUFHpnlShm3UYv7gCpHGaj4Fo --> X25519 xemfO0+4pS8WG/7QoIIqULZ/xN+C0l+LbBgv4QIdcQU -VfoMT93/3hTZdPo4ALCaEZrIO3bHhsoxCwf6DyXPwvI --> s06@-grease .@\9Og@9 7yCI nS'`(65/ -W1seHOnAnPFF8BB6uqQKv8JwpmoNCU93i06VtxuuHiaeGrlXNPiF0ikD/mysdA ---- dpDFFk5ZPUwQZp96fpS85eZCVELD4GB1uwl/8ev5moA -⇼?Zu>x3d[sLٵ)|[z1#cѨ3BHLw҂]$. \ No newline at end of file diff --git a/hosts/tahoe/secrets/restic/repo-systems.age b/hosts/tahoe/secrets/restic/repo-systems.age deleted file mode 100644 index e3e975e..0000000 --- a/hosts/tahoe/secrets/restic/repo-systems.age +++ /dev/null @@ -1,14 +0,0 @@ -age-encryption.org/v1 --> X25519 9ic8vm8qcpzWoqMDi6eN1dIM8v8ENzdrU9ef/hYptgo -vRrH93V+KVEfjWcZGTO4jvuE9vItKs2JC0LoXmEo5J0 --> X25519 oKF2qEVOVa1FvaiAmm+8poCTM6TCNkAkKlu9LjdnPQY -sJAs8bVoJKWyO1doUkY7Ppky3Q8u3JMP99Pcwtcwrk8 --> X25519 5jPqZeXJPZVD6YEkF/JuLyZDc1z6dOfkNTXV6w1R62M -fZKW+cqYJBAcA2H0mDGsKFaAMbdHe8p7hF+y1IjobVs --> /-grease zG>:_b -rUaFTPq15hon1gmx7J0IGytSHoqQceYGL2XB6h00RdWZuanXZI1F2hWbEvgWFIqB -xXxPJ4Le ---- wrrYjOQ0i4YtHfNs2g594CFVLTAKfMRJCptxZ12YkYM ->襝%@xV1sJ`'C -6/b֖xVؠW( -,8 \ No newline at end of file diff --git a/hosts/tahoe/secrets/rsync.net/ssh-key.age b/hosts/tahoe/secrets/rsync.net/ssh-key.age deleted file mode 100644 index d7c721a..0000000 --- a/hosts/tahoe/secrets/rsync.net/ssh-key.age +++ /dev/null Binary files differdiff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix deleted file mode 100644 index d8283fe..0000000 --- a/hosts/tahoe/secrets/secrets.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -let - root = "age1nxwgdy3p9fft0zsae440wyulknf5rk82s0wnxssrpxu4nezysa4qexcvpl"; - fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj"; - backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6"; - all = [ root fcuny backup ]; -in -{ - "wireguard_privatekey.age".publicKeys = all; - - "acme/credentials.age".publicKeys = all; - "acme/gcp_service_account.json.age" = { - publicKeys = all; - owner = "acme"; - }; - - "syncthing/key.age" = { - publicKeys = all; - owner = "fcuny"; - }; - - "syncthing/cert.age" = { - publicKeys = all; - owner = "fcuny"; - }; - - "unifi/unifi-poller.age" = { - publicKeys = all; - owner = "unpoller-exporter"; - }; - - "gandi/apikey.age" = { - publicKeys = all; - owner = "acme"; - }; - - "restic/repo-systems.age".publicKeys = all; - "rsync.net/ssh-key.age".publicKeys = all; -} diff --git a/hosts/tahoe/secrets/sendsms/config.age b/hosts/tahoe/secrets/sendsms/config.age deleted file mode 100644 index ecc0845..0000000 --- a/hosts/tahoe/secrets/sendsms/config.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> X25519 Zjg3+y6mTEnsr8yCDyLBk+Z6QlSzHey7zndDYTaMfG4 -iXuA53MwZevEyGaYXQU1tzh14A5YCKpA2yJjFNggkOA --> X25519 FIxTPWtuK2265U+tv/lxypDny+WqPTYlbAcv9FXrzjg -0Xj8azxb+63MyopqX/cedwsvtFNeQdoyhUmiUjZiK40 --> X25519 ev4WoBl4Jot56FFz/8D+sVThLVE2x2ZN41WVWESP0yk -vPW/CPecXPoYy9DrbhHkg030TCspZlRyK3x8vHcK5JI --> a-grease if{suxQ- 9Ls &_~KF%= -dkuZH7Yp/LW7XONo9KhJ1RLUVUgH0IrIs/+6y6RfIxUTqQcMU2o ---- ddHv1vU3hd13grUfTVlbut4JBRt1RVT2oU6HXKlOBDU -~Tk<$U;$k俸Bg̘h ʐ -~[x(74TpݿUu%7RkPt.¡=iUHg K!jCl U6ax<t3>8ҋeaE#o?yV8u,yH6<i>=m \*f(m2R'B8[p(q \ No newline at end of file diff --git a/hosts/tahoe/secrets/syncthing/cert.age b/hosts/tahoe/secrets/syncthing/cert.age deleted file mode 100644 index cbc59bd..0000000 
--- a/hosts/tahoe/secrets/syncthing/cert.age +++ /dev/null Binary files differdiff --git a/hosts/tahoe/secrets/syncthing/key.age b/hosts/tahoe/secrets/syncthing/key.age deleted file mode 100644 index d8f21e1..0000000 --- a/hosts/tahoe/secrets/syncthing/key.age +++ /dev/null @@ -1,14 +0,0 @@ -age-encryption.org/v1 --> X25519 Y52YsCYjJDZKhCIu+7kTs6jxJjwW6m84yTFX58jyt34 -4GHnB54xrAVyU0oxZhl+wnL296HA4AXPmMRzuZmOGkA --> X25519 vKd7jTrBShvHFFY67+xooWxDtmNYbc2Fh2G/cYV0tmo -CWBEcJTVuHZy9tSIcq7RSQKhvEmcJr6CT1T36e2//D0 --> X25519 tq3r1Zdz7QJdHjE8ly9Uzw54jkAyq63D6iw2JXpUDWk -ktxqJh7S1kH47G77mUB31IKrY8eHpW9huRVOoxPPOd4 --> -pi[:-grease zVwevS -mO8 ---- EBzdJICAmJmFzQ1pqU1eyGLBBcYc4DMqAgxJq25/hzg -SW Eo96GcC -?}d`:֟tu왾xRvmS:0Ŷa^zS -J`{o oUtfTA,tLߐsOCyPg5O4(R ;`qksnT_d3AG[lAϪifsa ҙEVsPr:bṆoƺ3pɪ(:.Lc}46<m*trM l>VV!: --rG$YM7X}ljrL4zb24z \ No newline at end of file diff --git a/hosts/tahoe/secrets/unifi/unifi-poller.age b/hosts/tahoe/secrets/unifi/unifi-poller.age deleted file mode 100644 index 0bba247..0000000 --- a/hosts/tahoe/secrets/unifi/unifi-poller.age +++ /dev/null Binary files differdiff --git a/hosts/tahoe/secrets/wireguard_privatekey.age b/hosts/tahoe/secrets/wireguard_privatekey.age deleted file mode 100644 index f08c7aa..0000000 --- a/hosts/tahoe/secrets/wireguard_privatekey.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> X25519 eyw1uK0XuDb6Iaq8pY4VUQNbEKSmj2JltoXIlqUWsn8 -ZzfbNdgoYIvWSeLNyUoitEFvueZiPlYUrsLJzGlUp30 --> X25519 WcbSf4EMR2Bhn1lkkvGlb6NFG3vdVp/KOSO7m4dLRAc -3rNJ7W5idYYpNr1pavUeGtfT30whV+b2htBjQSE3jlc --> X25519 v5INWoeE7B+cdBuOWGkJ6qITX4O0cuLPEZjFV7JpEXE -D9sbaowN+HsnjVW3qyLiO2XeXudFT0BlFtUAaz1oWxE --> x-grease x -CQMrW2t0tVTjuvj+otbdZS/sxUGHDqDoyMVyAkVYhOfpxm8lZCVVlwXPhe6HEufB -oSG6QFkJ8BrPIKn2XA ---- /XVESiNkDBYD0NYoXQhomrWbAC7RufQusQ9lAj8Jgzs -$?i1-*W<9i)thXK9XsE#PX$ 8QqfFozqgr^} \ No newline at end of file diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix deleted file mode 100644 index 1159cb1..0000000 
--- a/hosts/tahoe/services.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ self, config, ... }:
-let secrets = config.age.secrets;
-in
-{
- # this unit is broken and useless. I don't know how to not install
- # it, so let's mask it.
- systemd.services.mdmonitor.enable = false;
-
- my.services = {
- monitoring = {
- prometheus = {
- enable = true;
- listenAddress = "192.168.6.40";
- };
- grafana = {
- enable = true;
- vhostName = "dash.${config.homelab.domain}";
- };
- };
- };
-}
|