-rw-r--r-- README.md 34
-rw-r--r-- docs/backups.org 187
-rw-r--r-- docs/desktop.org 19
-rw-r--r-- docs/gcloud.org 21
-rw-r--r-- docs/install.org 153
-rw-r--r-- docs/secrets.org 29
-rw-r--r-- docs/tools.org 167
-rw-r--r-- docs/wireguard.org 21
8 files changed, 12 insertions, 619 deletions
diff --git a/README.md b/README.md
index 4884d66..3dcc633 100644
--- a/README.md
+++ b/README.md
@@ -1,40 +1,30 @@
 Configurations for my machines.
 
-## nixos
+## Operations
 
-To rebuild the host:
+I use [devshell](https://github.com/numtide/devshell) to manage this environment. Most commands related to the maintenance (building the configuration, switching to a new configuration, etc) are managed with it. You can type `menu` and it will display something similar to:
+```sh
+[darwin]
 
-``` sh
-sudo nixos-rebuild switch  --flake .
-```
-
-or
+  build-darwin  - Build the current darwin configuration
+  switch-darwin - Switch to the current darwin configuration
 
-``` sh
-nix-rebuild-host
-```
+[general commands]
 
-## home-manager
+  menu          - prints this menu
+  treefmt       - one CLI to format the code tree
 
-To rebuild the configuration for `home-manager`:
+[nix]
 
-``` sh
-home-manager switch --flake .
+  update        - Update + Commit the Lock File
 ```
 
-## update flakes
-
-To update the flakes:
-
-``` sh
-nix flake update
-```
+and you can type any of these commands.
 
 ## templates
 
 To use one of the template, run:
 
 ``` sh
-nix flake init -t .#rust
 nix flake init -t .#go
 ```
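Review bot: The new Operations paragraph says to type `menu` but never says how the devshell is entered, and the menu it shows lists only `build-darwin` and `switch-darwin`, while the removed `sudo nixos-rebuild switch --flake .` and `home-manager switch --flake .` instructions get no replacement. Add one line on entering the shell, and either keep the NixOS and home-manager commands or state that those hosts are no longer managed from this repository. Two smaller points: the menu block is fenced as `sh` although it is program output, and the opening fence follows the paragraph with no blank line, which some Markdown renderers fold into the paragraph.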
diff --git a/docs/backups.org b/docs/backups.org
deleted file mode 100644
index a1db502..0000000
--- a/docs/backups.org
+++ /dev/null
@@ -1,187 +0,0 @@
-#+TITLE: Backups
-
-Each host can be configured to store a backup on the NAS using restic. The backups are synchronized once a day to rsync.net.
-
-* restic
-For backups I'm using [[https://restic.readthedocs.io/][restic]].
-
-On the NAS itself, we backup the git repositories to =/data/backups=.
-
-The password is stored in =/etc/restic/password= (this is not managed by puppet for now, and the password is stored within 1password).
-** List the snapshots
-To get a list of snapshots:
-#+BEGIN_SRC sh :dir /ssh:nas: :results verbatim
-sudo restic -r /data/backups/ -p /etc/restic/password snapshots
-#+END_SRC
-
-#+RESULTS:
-#+begin_example
-repository a37cfab5 opened successfully, password is correct
-ID        Time                 Host        Tags        Paths
----------------------------------------------------------------------------------
-e36e9100  2020-02-29 08:43:37  nas                     /home/git/repositories
-603a46a7  2020-03-31 08:39:03  nas                     /home/git/repositories
-e890453b  2020-04-30 08:22:37  nas                     /home/git/repositories
-0affa4d9  2020-05-10 08:47:18  nas                     /home/git/repositories
-a01d8be4  2020-07-31 08:41:25  nas                     /home/git/repositories
-78afb27a  2020-08-31 08:23:52  nas                     /home/git/repositories
-68a417b1  2020-09-30 08:44:49  nas                     /home/git/repositories
-ac6701b4  2020-10-18 06:00:00  nas         git         /home/git/repositories
-4f183431  2020-10-25 06:00:00  nas         git         /home/git/repositories
-aec0b472  2020-10-25 07:24:10  aptos       home        /home/fcuny
-3e98a872  2020-10-30 06:00:00  nas         git         /home/git/repositories
-0268f733  2020-10-31 06:00:00  nas         git         /home/git/repositories
-1b840de3  2020-11-01 06:00:00  nas         git         /home/git/repositories
-2d224944  2020-11-02 06:00:00  nas         git         /home/git/repositories
-fa0107dd  2020-11-03 06:00:00  nas         git         /home/git/repositories
-1165032b  2020-11-04 06:00:00  nas         git         /home/git/repositories
-612b66e3  2020-11-05 06:00:00  nas         git         /home/git/repositories
-2de6fb79  2020-12-31 06:01:19  nas         gitea       /data/containers/gitea
-ece08207  2020-12-31 06:01:41  nas         traefik     /data/containers/traefik
-d59bd75a  2020-12-31 06:06:19  nas         grafana     /data/containers/grafana
-168c0ddf  2020-12-31 06:07:24  nas         unifi       /data/containers/unifi
-5882ffe4  2021-01-27 18:58:06  aptos       home        /home/fcuny
-3565b23b  2021-01-31 06:05:18  nas         traefik     /data/containers/traefik
-653d4411  2021-01-31 06:14:12  nas         gitea       /data/containers/gitea
-38a3e50e  2021-01-31 06:15:13  nas         unifi       /data/containers/unifi
-542e2c80  2021-01-31 06:15:13  nas         grafana     /data/containers/grafana
-8c804805  2021-02-06 19:13:24  aptos       home        /home/fcuny
-3f38d369  2021-02-28 06:03:28  nas         grafana     /data/containers/grafana
-ef2042e2  2021-02-28 06:11:50  nas         unifi       /data/containers/unifi
-b429ef99  2021-02-28 06:18:02  nas         gitea       /data/containers/gitea
-b73f5128  2021-02-28 06:18:04  nas         traefik     /data/containers/traefik
-7a7e3e06  2021-03-28 09:05:35  aptos       home        /home/fcuny
-3a0c790f  2021-03-30 06:12:20  nas         grafana     /data/containers/grafana
-58179a2f  2021-03-31 06:05:04  nas         gitea       /data/containers/gitea
-fc4ede5d  2021-03-31 06:08:18  nas         unifi       /data/containers/unifi
-5eaa5148  2021-03-31 06:17:13  nas         traefik     /data/containers/traefik
-d7c95e53  2021-04-27 18:10:36  aptos       home        /home/fcuny
-4c702501  2021-04-30 06:02:11  nas         gitea       /data/containers/gitea
-8de29c3c  2021-04-30 06:04:42  nas         unifi       /data/containers/unifi
-66664254  2021-04-30 06:08:25  nas         traefik     /data/containers/traefik
-9a3ad896  2021-04-30 06:15:15  nas         grafana     /data/containers/grafana
-344ef4c3  2021-05-15 14:22:05  aptos       home        /home/fcuny
-6141b888  2021-05-30 06:14:37  nas         traefik     /data/containers/traefik
-106c4819  2021-05-31 06:04:56  nas         grafana     /data/containers/grafana
-8e0ba4c3  2021-05-31 06:12:37  nas         gitea       /data/containers/gitea
-8cba7fbf  2021-05-31 06:17:26  nas         unifi       /data/containers/unifi
-2cc04ad6  2021-06-28 17:08:25  aptos       home        /home/fcuny
-8b04e195  2021-06-30 06:03:56  nas         grafana     /data/containers/grafana
-d21a464f  2021-06-30 06:09:56  nas         unifi       /data/containers/unifi
-f180e1a0  2021-06-30 06:10:20  nas         gitea       /data/containers/gitea
-b9e0ce43  2021-06-30 06:11:50  nas         traefik     /data/containers/traefik
-512e80fb  2021-07-23 17:25:45  aptos       home        /home/fcuny
-28b32d1f  2021-07-31 06:03:50  nas         gitea       /data/containers/gitea
-884574c8  2021-07-31 06:11:13  nas         unifi       /data/containers/unifi
-a61cd90f  2021-07-31 06:16:50  nas         grafana     /data/containers/grafana
-614f9123  2021-07-31 06:19:38  nas         traefik     /data/containers/traefik
-17698a8a  2021-08-14 06:05:34  nas         git         /data/containers/git
-b5674e76  2021-08-16 13:47:52  aptos       home        /home/fcuny
-d7c251f6  2021-08-31 06:16:07  nas         gitea       /data/containers/gitea
-ef20f101  2021-08-31 06:16:11  nas         unifi       /data/containers/unifi
-b7cd0d5c  2021-08-31 06:16:16  nas         grafana     /data/containers/grafana
-facffc9a  2021-08-31 06:16:19  nas         traefik     /data/containers/traefik
-b2d31938  2021-08-31 06:16:22  nas         syncthing   /data/containers/syncthing
-8ab3bee2  2021-09-27 10:35:27  aptos       home        /home/fcuny
-1559f48c  2021-09-30 04:11:21  nas         gitea       /data/containers/gitea
-353d202d  2021-09-30 04:11:25  nas         unifi       /data/containers/unifi
-b567fec1  2021-09-30 04:11:30  nas         grafana     /data/containers/grafana
-d7b239c1  2021-09-30 04:11:33  nas         traefik     /data/containers/traefik
-4890d748  2021-09-30 04:11:35  nas         syncthing   /data/containers/syncthing
-4d6b6646  2021-10-31 04:11:55  nas         gitea       /data/containers/gitea
-b2820465  2021-10-31 04:12:01  nas         unifi       /data/containers/unifi
-cd2230ff  2021-10-31 04:12:07  nas         grafana     /data/containers/grafana
-807f1bb3  2021-10-31 04:12:12  nas         traefik     /data/containers/traefik
-5d9c2314  2021-10-31 04:12:15  nas         syncthing   /data/containers/syncthing
-5f1a2de0  2021-10-31 12:38:40  carmel      home        /home/fcuny
-89f6bbec  2021-10-31 14:53:27  aptos       home        /home/fcuny
-5bb120c9  2021-11-05 15:54:28  aptos       home        /home/fcuny
-5fb31f63  2021-11-06 16:05:30  aptos       home        /home/fcuny
-9bfd32e2  2021-11-07 18:02:06  aptos       home        /home/fcuny
-d4dd252f  2021-11-17 13:40:16  aptos       home        /home/fcuny
-b072a3a1  2021-11-21 04:18:17  nas         gitea       /data/containers/gitea
-6ba6bff3  2021-11-21 04:18:32  nas         unifi       /data/containers/unifi
-bb697aae  2021-11-21 04:18:38  nas         grafana     /data/containers/grafana
-33ba0e83  2021-11-21 04:18:41  nas         traefik     /data/containers/traefik
-e2cae3b5  2021-11-21 04:18:43  nas         syncthing   /data/containers/syncthing
-1caaca88  2021-11-21 13:35:29  carmel      home        /home/fcuny
-97d034ce  2021-11-27 19:16:12  aptos       home        /home/fcuny
-5fa6b510  2021-11-28 04:11:27  nas         gitea       /data/containers/gitea
-6670d391  2021-11-28 04:11:32  nas         unifi       /data/containers/unifi
-77d11ce4  2021-11-28 04:11:38  nas         grafana     /data/containers/grafana
-04ee74c6  2021-11-28 04:11:40  nas         traefik     /data/containers/traefik
-1371d8d2  2021-11-28 04:11:43  nas         syncthing   /data/containers/syncthing
-3b2a45ee  2021-11-28 09:19:13  aptos       home        /home/fcuny
-b19902e6  2021-11-28 15:25:29  carmel      home        /home/fcuny
-02fb34d8  2021-11-30 04:05:15  nas         gitea       /data/containers/gitea
-1ac8f79f  2021-11-30 04:05:21  nas         unifi       /data/containers/unifi
-848505be  2021-11-30 04:05:26  nas         grafana     /data/containers/grafana
-2e48e232  2021-11-30 04:05:29  nas         traefik     /data/containers/traefik
-47732732  2021-11-30 04:05:34  nas         syncthing   /data/containers/syncthing
-dd141856  2021-11-30 12:06:56  carmel      home        /home/fcuny
-00e5429b  2021-12-03 18:31:51  aptos       home        /home/fcuny
-31b849ad  2021-12-05 04:06:10  nas         gitea       /data/containers/gitea
-8cc78932  2021-12-05 04:06:26  nas         unifi       /data/containers/unifi
-b7364a55  2021-12-05 04:06:38  nas         grafana     /data/containers/grafana
-043c4b36  2021-12-05 04:06:43  nas         traefik     /data/containers/traefik
-2e415963  2021-12-05 04:06:48  nas         syncthing   /data/containers/syncthing
-1ef944db  2021-12-05 11:14:51  carmel      home        /home/fcuny
-e58a2421  2021-12-06 04:02:44  nas         gitea       /data/containers/gitea
-907bb839  2021-12-06 04:02:50  nas         unifi       /data/containers/unifi
-050dcff3  2021-12-06 04:02:55  nas         grafana     /data/containers/grafana
-72092444  2021-12-06 04:03:00  nas         traefik     /data/containers/traefik
-d04b79bb  2021-12-06 04:03:03  nas         syncthing   /data/containers/syncthing
-2ef060ec  2021-12-06 11:36:51  carmel      home        /home/fcuny
-a3036320  2021-12-07 04:19:42  nas         gitea       /data/containers/gitea
-18af7ba5  2021-12-07 04:19:48  nas         unifi       /data/containers/unifi
-ba7adae4  2021-12-07 04:19:53  nas         grafana     /data/containers/grafana
-b71283de  2021-12-07 04:19:57  nas         traefik     /data/containers/traefik
-d1918837  2021-12-07 04:19:59  nas         syncthing   /data/containers/syncthing
-ec06c179  2021-12-07 17:24:07  carmel      home        /home/fcuny
-49722319  2021-12-08 04:11:10  nas         gitea       /data/containers/gitea
-b7cfa0d8  2021-12-08 04:11:18  nas         unifi       /data/containers/unifi
-64e98ec2  2021-12-08 04:11:25  nas         grafana     /data/containers/grafana
-d5f848fd  2021-12-08 04:11:30  nas         traefik     /data/containers/traefik
-ce58becc  2021-12-08 04:11:33  nas         syncthing   /data/containers/syncthing
-8342e5b7  2021-12-08 17:45:07  carmel      home        /home/fcuny
-93584f9e  2021-12-09 04:06:27  nas         gitea       /data/containers/gitea
-fb0e6073  2021-12-09 04:06:33  nas         unifi       /data/containers/unifi
-68d354c2  2021-12-09 04:06:39  nas         grafana     /data/containers/grafana
-73e199bd  2021-12-09 04:06:46  nas         traefik     /data/containers/traefik
-47e0e0a6  2021-12-09 04:06:49  nas         syncthing   /data/containers/syncthing
-9d7bcb97  2021-12-09 11:53:49  carmel      home        /home/fcuny
-c2130706  2021-12-10 04:00:56  nas         gitea       /data/containers/gitea
-29af7e4f  2021-12-10 04:01:03  nas         unifi       /data/containers/unifi
-393b006b  2021-12-10 04:01:08  nas         grafana     /data/containers/grafana
-433a00d1  2021-12-10 04:01:13  nas         traefik     /data/containers/traefik
-d4949919  2021-12-10 04:01:18  nas         syncthing   /data/containers/syncthing
-ce2a8a73  2021-12-10 12:10:49  carmel      home        /home/fcuny
-c8d56977  2021-12-11 04:11:20  nas         gitea       /data/containers/gitea
-40f3c6d8  2021-12-11 04:11:25  nas         unifi       /data/containers/unifi
-f24178f5  2021-12-11 04:11:30  nas         grafana     /data/containers/grafana
-3ca4553f  2021-12-11 04:11:33  nas         traefik     /data/containers/traefik
-ca41fe42  2021-12-11 04:11:35  nas         syncthing   /data/containers/syncthing
-b2643ef9  2021-12-11 12:40:49  carmel      home        /home/fcuny
-50cb9254  2021-12-12 04:10:34  nas         gitea       /data/containers/gitea
-85de9005  2021-12-12 04:10:40  nas         unifi       /data/containers/unifi
-0fd36196  2021-12-12 04:10:46  nas         grafana     /data/containers/grafana
-bd8f14dd  2021-12-12 04:10:50  nas         traefik     /data/containers/traefik
-ee0735e3  2021-12-12 04:10:53  nas         syncthing   /data/containers/syncthing
----------------------------------------------------------------------------------
-148 snapshots
-#+end_example
-
-** How to configure a backup
-All daily backups are added to the [[file:~/workspace/infrastructure/puppet/site-modules/backup/files/etc/systemd/system/backups.service][unit file]]. Each backup needs a tag (to make it easier to filter/search).
-
-This will run once a day. The backups will be stored in =/data/backups= and then be exported to GCS.
-** How to restore the backup
-First, this is the [[https://restic.readthedocs.io/en/latest/050_restore.html][documentation]] to read. Here's an example:
-#+begin_src sh
-$ sudo restic -r /data/backups/ -p /etc/restic/password restore 8dbaaf98 --target /tmp/this-is-a-test
-repository a37cfab5 opened successfully, password is correct
-restoring <Snapshot 8dbaaf98 of [/data/containers/traefik] at 2021-08-14 06:05:49.547829076 -0700 PDT by restic@nas> to /tmp/this-is-a-test
-$ sudo ls -l /tmp/this-is-a-test/data/containers/traefik
-total 4
-drwxrwxr-x 2 root root 4096 Nov  6  2020 config
-#+end_src
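Review bot: The "How to restore the backup" section at the end of this file is deleted rather than moved, since all 12 insertions in this commit are in README.md. Keep at least the repository path (`/data/backups`), the password file location and the `restic ... restore <id> --target <dir>` example somewhere reachable during a recovery, or link to where they now live. Separately, deleting the file does not remove the snapshot listing (host names, user name, container paths) from git history, so if the aim is to stop publishing that inventory, the history needs handling too.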
diff --git a/docs/desktop.org b/docs/desktop.org
deleted file mode 100644
index a52fc53..0000000
--- a/docs/desktop.org
+++ /dev/null
@@ -1,19 +0,0 @@
-* Next build
-** Requirements
-- Future proof (PCIe 5, DDR5)
-- Re-use the nr200p case
-- 2 NVMe drive would be nice
-- not have to use a GPU would be nice
-** Hardware selection
-
-| component   | model                                         | price | note |
-|-------------+-----------------------------------------------+-------+------|
-| CPU         | Intel Core i7-12700K                          |   380 |      |
-| CPU cooler  | Noctua NH-U9S chromax.black                   |     0 |      |
-| motherboard | Asus ROG STRIX B660-I GAMING                  |   220 |      |
-| memory      | Corsair Vengeance 32 GB (2 x 16 GB) DDR5-5200 |   309 |      |
-| boot drive  | Western Digital Black SN850                   |   160 |      |
-| case        | nr200p                                        |     0 |      |
-|-------------+-----------------------------------------------+-------+------|
-|             |                                               |  1069 |      |
-#+TBLFM: @8$3=vsum(@2..@-1)
diff --git a/docs/gcloud.org b/docs/gcloud.org
deleted file mode 100644
index 95e7531..0000000
--- a/docs/gcloud.org
+++ /dev/null
@@ -1,21 +0,0 @@
-#+TITLE: Gcloud
-
-* Initial setup
-First we need to create a service account, with:
-#+begin_src sh
-gcloud --project fcuny-homelab iam service-accounts create world-nix
-#+end_src
-
-Next we need to bind the new policy:
-#+begin_src sh
-gcloud projects add-iam-policy-binding fcuny-homelab --member="serviceAccount:world-nix@fcuny-homelab.iam.gserviceaccount.com" --role="roles/accessapproval.configEditor"
-#+end_src
-
-Note: I had to add DNS administrator in the console, I don't know what I need to add to this command.
-
-Finally we need the key:
-#+begin_src sh
-gcloud iam service-accounts keys create world-nix.json --iam-account=world-nix@fcuny-homelab.iam.gserviceaccount.com
-#+end_src
-
-This will create a file name =world-nix.json=. It's best to encrypt it with =age= and move it under the =secrets= directory for a host.
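Review bot: This file is the only record in the diff of what the `world-nix` service account was granted: `roles/accessapproval.configEditor` through the CLI, DNS administrator added by hand in the console, and a long-lived JSON key. If the account is still in use, keep the role list, ideally as complete `add-iam-policy-binding` commands so the console step becomes reproducible; if it is retired, say so in the commit message so the key and bindings are cleaned up along with the doc.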
diff --git a/docs/install.org b/docs/install.org
deleted file mode 100644
index 40ba5a8..0000000
--- a/docs/install.org
+++ /dev/null
@@ -1,153 +0,0 @@
-#+TITLE: Installation
-#+AUTHOR: Franck Cuny
-#+EMAIL: franck@fcuny.net
-
-* Prepare the USB stick
-Download the most recent image from https://nixos.org/download.html then put it on a stick:
-#+begin_src sh
-sudo cp ~/downloads/nixos-minimal-21.11.336020.2128d0aa28e-x86_64-linux.iso /dev/sda
-#+end_src
-* Partitioning
-** For the workstation (desktop/laptop)
-All hosts have the same partitioning for the boot drive:
-- /boot partition for UEFI
-- / encrypted with btrfs
-- a 8GB swap
-
-If we assume the boot drive to be =nvme0n1=, we will do the following:
-#+begin_src sh
-parted /dev/nvme0n1 -- mklabel gpt
-parted /dev/nvme0n1 -- mkpart primary 512MiB -8GiB
-parted /dev/nvme0n1 -- mkpart primary linux-swap -8GiB 100%
-parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
-parted /dev/nvme0n1 -- set 3 esp on
-#+end_src
-
-Running =lsbkl= should give the following output:
-#+begin_src sh
-[root@nixos:~]# lsblk
-NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
-loop0         7:0    0   709M  1 loop /nix/.ro-store
-sda           8:0    1  29.9G  0 disk
-├─sda1        8:1    1   784M  0 part /iso
-└─sda2        8:2    1    37M  0 part
-nvme0n1     259:0    0 465.8G  0 disk
-├─nvme0n1p1 259:1    0 457.3G  0 part
-├─nvme0n1p2 259:2    0     8G  0 part
-└─nvme0n1p3 259:3    0   511M  0 part
-#+end_src
-
-Then we create the LUKS device:
-#+begin_src sh
-cryptsetup --verify-passphrase -v luksFormat /dev/nvme0n1p1
-cryptsetup open /dev/nvme0n1p1 system
-#+end_src
-
-We can create the partition for the boot drive and activate the swap:
-#+begin_src sh
-mkswap -L swap /dev/nvme0n1p2
-swapon /dev/nvme0n1p2
-mkfs.fat -F 32 -n nixos-boot /dev/nvme0n1p3
-#+end_src
-#+begin_src sh
-mkfs.btrfs /dev/mapper/system
-
-mount -t btrfs /dev/mapper/system /mnt
-
-btrfs subvolume create /mnt/nixos
-btrfs subvolume create /mnt/home
-btrfs subvolume create /mnt/snapshots
-
-umount /mnt
-#+end_src
-
-Now we can re-mount the partitions with the proper options:
-#+begin_src sh
-mount -o subvol=nixos,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt
-
-mkdir /mnt/{home,boot,.snapshots}
-
-mount -o subvol=home,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt/home
-mount -o subvol=snapshots,compress=zstd,noatime /dev/mapper/system /mnt/.snapshots
-mount /dev/nvme0n1p3 /mnt/boot
-#+end_src
-
-Once the installation is completed:
-#+begin_src sh
-CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
-btrfs subvolume snapshot /mnt /mnt/.snapshots/$CUSTOMIZE_TIMESTAMP
-#+end_src
-** Partitions for the NAS
-Create the RAIDs:
-#+begin_src sh
-mdadm --create /dev/md/fast --level=mirror --raid-devices=2 /dev/sda /dev/sdb
-mdadm --create /dev/md/slow --level=mirror --raid-devices=2 /dev/sdc /dev/sde
-#+end_src
-
-Encrypt the RAIDs:
-#+begin_src sh
-cryptsetup --verify-passphrase -v luksFormat /dev/md/slow
-cryptsetup --verify-passphrase -v luksFormat /dev/md/fast
-#+end_src
-
-Then open them:
-#+begin_src sh
-cryptsetup open /dev/md/fast raid-fast
-cryptsetup open /dev/md/slow raid-slow
-#+end_src
-
-Create the filesystem:
-#+begin_src sh
-mkfs.btrfs /dev/mapper/raid-fast
-mkfs.btrfs /dev/mapper/raid-slow
-#+end_src
-
-Then we can mount them to generate the host configuration
-#+begin_src sh
-btrfs subvolume create /mnt/media
-btrfs subvolume create /mnt/containers
-umount /mnt
-
-mount -t btrfs /dev/mapper/raid-slow /mnt/
-btrfs subvolume create /mnt/backups
-mkdir /mnt/data/{backups,containers,media}
-mount -o subvol=media,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/media
-mount -o subvol=media,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/media
-mount -o subvol=containers,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/containers
-mount -o subvol=backups,compress=zstd,noatime,autodefrag /dev/mapper/raid-slow /mnt/data/backups
-#+end_src
-* Installing the system
-Let's add git and nixFlakes:
-#+begin_src sh
-nix-shell -p git nixFlakes
-#+end_src
-
-#+begin_src sh
-nixos-generate-config --root /mnt
-mkdir /mnt/root
-git clone https://git.fcuny.net/fcuny/world.git /mnt/root/world
-mkdir /mnt/root/world/hosts/<host name>
-cp /mnt/etc/nixos/hardware-configuration.nix /mnt/root/world/hosts/<host name>/
-cp /mnt/root/world/hosts/aptos/default.nix /mnt/root/world/hosts/<host name>/
-vim /mnt/root/world/hosts/<host name>/default.nix
-cd /mnt/root/world
-git add hosts/tahoe
-cd /
-nixos-install --root /mnt --flake /mnt/root/world#<host name>
-#+end_src
-
-Create another snapshot
-#+begin_src sh
-CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
-btrfs subvolume snapshot /mnt /mnt/.snapshots/$CUSTOMIZE_TIMESTAMP
-#+end_src
-
-And a =reboot= should be enough.
-* home-manager initial install
-After a reboot, as root:
-#+begin_src sh
-nix-channel --add https://github.com/nix-community/home-manager/archive/release-21.11.tar.gz home-manager
-nix-channel --update
-nix-shell '<home-manager>' -A install
-home-manager build --flake .#fcuny@<host name>
-#+end_src
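Review bot: The LUKS and btrfs layout (`cryptsetup luksFormat` on `nvme0n1p1` and on both md arrays, the `nixos`/`home`/`snapshots` subvolumes and their mount options) is removed with no replacement in this commit, and the devshell menu added to README.md does not cover provisioning. Keep it or point to its new home. If it is kept, the NAS block under "Then we can mount them" creates subvolumes on `/mnt` before anything is mounted there and repeats the `subvol=media` mount line, and `git add hosts/tahoe` hard-codes a host where the rest of the block uses `<host name>`.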
diff --git a/docs/secrets.org b/docs/secrets.org
deleted file mode 100644
index 5c350e0..0000000
--- a/docs/secrets.org
+++ /dev/null
@@ -1,29 +0,0 @@
-#+TITLE: Secrets
-
-* secrets
-** system
-Secrets at the system level are managed by [[https://github.com/ryantm/agenix][agenix]]. The secrets are encrypted with a couple of =age= keys. I do not use ssh keys to encrypt the secrets. Instead, I do the following:
-- each system has a key for the user root, and the secrets for that host are encoded with it as a recipient
-- on each workstation, my user (=fcuny=) has a key and the secrets for all the hosts are encrypted with it as a recipient
-- in addition, I've a backup key stored on a USB device, and I used its public key to encrypt all the secrets with it
-
-These keys are backed up on an external USB device and in passage. When re-provisioning a host, the keys are restored from the USB device or from passage itself.
-
-When provisioning a new host, a key for root (and my user if it's a workstation) is created and stored on the USB device and in passage.
-*** add a new secret
-#+begin_src sh
-nix run github:ryantm/agenix -- -i ~/.age/key.txt -e sendsms/sendsms.age
-#+end_src
-*** re-key secrets
-#+begin_src sh
-nix run github:ryantm/agenix -- -i ~/.age/key.txt -r
-#+end_src
-** home-manager
-Nothing for now.
-** passage
-I use [[https://github.com/FiloSottile/passage][passage]] to store passwords locally. The content of the store is pushed to a remote git repository, and I synchronized the store regularly to the USB device.
-* misc
-** GPG
-nop nop nop nop nop
-** keyring
-I don't need one anymore.
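Review bot: The recipient model in the three bullets (per-host root key, the `fcuny` user key, the backup key on USB) and the `agenix ... -r` re-key command are what is needed when a key is lost or a host is re-provisioned, and they are removed with nothing added in their place. Suggest keeping that section, for example in the README, and dropping only the empty `home-manager`, `GPG` and `keyring` stubs.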
diff --git a/docs/tools.org b/docs/tools.org
deleted file mode 100644
index e093f5c..0000000
--- a/docs/tools.org
+++ /dev/null
@@ -1,167 +0,0 @@
-#+TITLE: Collection of recipes for various tools
-
-* syncthing
-** connection to the remote UI
-The web UI for syncthing is binded to localhost. To access the UI of a remote host, create a SSH tunnel:
-#+begin_src sh
-ssh -L 1235:localhost:8384 -N -f 192.168.0.106
-#+end_src
-* yt-dlp
-- use =--merge-output-format=mkv=
-- check what's the best audio and video for a video
-- prefer =mp4= for the audio over =webm=
-
-** List of supported formats
-#+begin_src sh :results verbatim
-yt-dlp --list-formats https://www.youtube.com/watch?v=igH-NgcuW2M
-#+end_src
-
-#+RESULTS:
-#+begin_example
-[youtube] igH-NgcuW2M: Downloading webpage
-[youtube] igH-NgcuW2M: Downloading android player API JSON
-[info] Available formats for igH-NgcuW2M:
-ID  EXT  RESOLUTION FPS |  FILESIZE    TBR PROTO | VCODEC        VBR ACODEC     ABR  ASR    MORE INFO
---- ---- ---------- --- - ---------- ----- ----- - ----------- ----- --------- ---- ------- -----------------
-139 m4a  audio only     |  15.00MiB    47k https |                   mp4a.40.5  47k 22050Hz low, m4a_dash
-249 webm audio only     |  15.28MiB    48k https |                   opus       48k 48000Hz low, webm_dash
-250 webm audio only     |  19.58MiB    62k https |                   opus       62k 48000Hz low, webm_dash
-140 m4a  audio only     |  40.06MiB   127k https |                   mp4a.40.2 127k 44100Hz medium, m4a_dash
-251 webm audio only     |  39.20MiB   124k https |                   opus      124k 48000Hz medium, webm_dash
-17  3gp  176x144    12  |  24.81MiB    78k https | mp4v.20.3     78k mp4a.40.2   0k 22050Hz 144p
-160 mp4  256x144    12  |  34.44MiB   109k https | avc1.4d400c  109k                        144p, mp4_dash
-278 webm 256x144    12  |  28.61MiB    90k https | vp9           90k                        144p, webm_dash
-133 mp4  426x240    24  |  77.23MiB   244k https | avc1.4d4015  244k                        240p, mp4_dash
-242 webm 426x240    24  |  72.41MiB   229k https | vp9          229k                        240p, webm_dash
-134 mp4  640x360    24  |  178.23MiB  565k https | avc1.4d401e  565k                        360p, mp4_dash
-18  mp4  640x360    24  |  231.71MiB  734k https | avc1.42001E  734k mp4a.40.2   0k 44100Hz 360p
-243 webm 640x360    24  |  137.73MiB  436k https | vp9          436k                        360p, webm_dash
-135 mp4  854x480    24  |  329.98MiB 1046k https | avc1.4d401e 1046k                        480p, mp4_dash
-244 webm 854x480    24  |  244.94MiB  776k https | vp9          776k                        480p, webm_dash
-136 mp4  1280x720   24  |  638.05MiB 2023k https | avc1.4d401f 2023k                        720p, mp4_dash
-22  mp4  1280x720   24  |            2150k https | avc1.64001F 2150k mp4a.40.2   0k 44100Hz 720p
-247 webm 1280x720   24  |  490.14MiB 1554k https | vp9         1554k                        720p, webm_dash
-137 mp4  1920x1080  24  |  1.13GiB   3685k https | avc1.640028 3685k                        1080p, mp4_dash
-248 webm 1920x1080  24  |  893.45MiB 2833k https | vp9         2833k                        1080p, webm_dash
-#+end_example
-** Best audio and video
-#+begin_src sh
-yt-dlp -f 'bv*+ba' https://www.youtube.com/watch?v=igH-NgcuW2M -o '%(id)s.%(ext)s'
-#+end_src
-** Download a playlist
-Save into =channel_id/playlist_id= directory with the video added to an archive text file:
-#+begin_src sh
-yt-dlp -f 'bv*[height=1080]+ba' --download-archive videos.txt  https://www.youtube.com/playlist?list=PLlVlyGVtvuVnUjA4d6gHKCSrLAAm2n1e6 -o '%(channel_id)s/%(playlist_id)s/%(id)s.%(ext)s'
-#+end_src
-** Download a channel
-#+begin_src sh
-yt-dlp -f 'bv*[height=720]+ba' --download-archive videos.txt https://www.youtube.com/c/FootheFlowerhorn/videos -o '%(channel)s/%(title)s.%(ext)s'
-#+end_src
-* exiftool
-** Copy media based on the creation date
-#+begin_src sh
-exiftool -v -o . '-Directory<CreateDate' -d /data/photos/%Y/%Y-%m-%d/ .
-#+end_src
-** Move media based on the creation date
-#+begin_src sh
-exiftool -v '-Directory<CreateDate' -d /data/photos/%Y/%Y-%m-%d/ .
-#+end_src
-
-Alternatively, in case the creation date is incorrect:
-#+begin_src sh
-exiftool -v '-Directory<DateTimeOriginal' -d /data/photos/%Y/%Y-%m-%d/
-#+end_src
-** Move pdf to a directory
-To move papers (for example) using the title and date of creation to a specific destination:
-#+begin_src sh
-exiftool '-filename<${Title;}.%e' '-directory<CreateDate' -d ~/documents/papers/%Y/ .
-#+end_src
-** Edit metadata from a google takeout
-This [[https://github.com/kaytat/exiftool-scripts-for-takeout][repository]] as a few scripts for =exiftools= that are interesting. In case this repository were to disappear in the future, here is the script to update the metadata from the JSON files:
-#+begin_src sh :filename use_json.args
-# Fill in from Google's JSON
-
-# Look at all media files and ignore JSON
---ext
-json
-
-# Recursive
--r
-
-# Show processed filenames
--v0
-
-# Check if the corresponding JSON exists
--if
-(-e "${Directory}/${Filename}".".json")
-
-# Attempt to modify media only if the info doesn't already exist
--if
-($Filetype eq "MP4" and not $quicktime:TrackCreateDate) or ($Filetype eq "MP4" and $quicktime:TrackCreateDate eq "0000:00:00 00:00:00") or ($Filetype eq "JPEG" and not $exif:DateTimeOriginal) or ($Filetype eq "PNG" and not $PNG:CreationTime)
-
-# Attempt to read in the JSON
--tagsfromfile
-%d%F.json
-
-#
-# Write out the tags. Use ConvertUnixTime to try and convert the UTC timestamp
-# to a reasonable local EXIF string.
-#
-
-# EXIF for regular JPG photos
--AllDates<${PhotoTakenTimeTimestamp;$_=ConvertUnixTime($_,1)}
-
-# PNG-specific
--XMP-Exif:DateTimeOriginal<${PhotoTakenTimeTimestamp;$_=ConvertUnixTime($_,1)}
--PNG:CreationTime<${PhotoTakenTimeTimestamp;$_=ConvertUnixTime($_,1)}
-
-# Quicktime / MP4. Assume that timestamp is in UTC.
--QuickTime:TrackCreateDate<${PhotoTakenTimeTimestamp;$_=ConvertUnixTime($_,0)}
--QuickTime:TrackModifyDate<${PhotoTakenTimeTimestamp;$_=ConvertUnixTime($_,0)}
--QuickTime:MediaCreateDate<${PhotoTakenTimeTimestamp;$_=ConvertUnixTime($_,0)}
--QuickTime:MediaModifyDate<${PhotoTakenTimeTimestamp;$_=ConvertUnixTime($_,0)}
-
-# Clobber everything
--overwrite_original
-#+end_src
-
-and to run it: =exiftool -@ use_json.args <takeout_dir>=
-* beet
-=beet= is a media library management system for music. The main documentation is [[https://beets.readthedocs.io/en/latest/index.html][here]].
-** search
-By album
-#+begin_src shell
-tahoe:~ beet ls album:henry
-Nick Cave & the Bad Seeds - Henry’s Dream - Papa Won’t Leave You, Henry
-Nick Cave & the Bad Seeds - Henry’s Dream - I Had a Dream, Joe
-Nick Cave & the Bad Seeds - Henry’s Dream - Straight to You
-Nick Cave & the Bad Seeds - Henry’s Dream - Brother, My Cup Is Empty
-Nick Cave & the Bad Seeds - Henry’s Dream - Christina the Astonishing
-Nick Cave & the Bad Seeds - Henry’s Dream - When I First Came to Town
-Nick Cave & the Bad Seeds - Henry’s Dream - John Finn’s Wife
-Nick Cave & the Bad Seeds - Henry’s Dream - Loom of the Land
-Nick Cave & the Bad Seeds - Henry’s Dream - Jack the Ripper
-#+end_src
-
-All the albums from 2023
-#+begin_src shell
-tahoe:~ beet ls year:2023 -a
-ALL HANDS_MAKE LIGHT - "Darling the Dawn"
-Big ‡ Brave - Nature Morte
-boygenius - the record
-Ky - Power Is The Pharmacy
-OM - Gebel Barkal / Version
-Joni Void - Everyday Is The Song
-#+end_src
-** Update
-Modify the year for an album:
-#+begin_src shell
-tahoe:~ beet modify path:/data/fast/music/Nick\ Cave\ \&\ the\ Bad\ Seeds/B-Sides\ \&\ Rarities,\ Part\ I year=2005
-Modifying 56 items.
-Nick Cave & Dirty Three - B-Sides & Rarities, Part I - Time Jesum Transeuntum et Non Riverentum
-  year: 2021 -> 2005
-Nick Cave & Shane MacGowan - B-Sides & Rarities, Part I - What a Wonderful World
-  year: 2021 -> 2005
-...
-Really modify, move and write tags? (Yes/no/select) yes
-#+end_src
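Review bot: The `use_json.args` block was copied in, per the sentence above it, "in case this repository were to disappear in the future", and deleting it drops that safeguard. If the recipes are moving elsewhere, carry the args file along; otherwise consider keeping it as a standalone file in the repository.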
diff --git a/docs/wireguard.org b/docs/wireguard.org
deleted file mode 100644
index 154c159..0000000
--- a/docs/wireguard.org
+++ /dev/null
@@ -1,21 +0,0 @@
-#+TITLE: Configuration for wireguard
-
-* Creating the keys
-We need a key for the host:
-#+begin_src sh
-(umask 0077; wg genkey > peer_A.key)
-#+end_src
-
-Next we create the public key:
-#+begin_src sh
-wg pubkey < peer_A.key > peer_A.pub
-#+end_src
-
-Now we need to add the private key to the list of secrets:
-#+begin_src sh
-nix run github:ryantm/agenix -- -e secrets/network/<host name>/wireguard_privatekey.age
-#+end_src
-
-Once this is done, update [[file:~/workspace/world/configs/wireguard.toml][wireguard.toml]] to add the new peer with the public key.
-
-Once this is completed, we can delete the files =peer_A.key= and =peer_A.pub=.
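Review bot: These steps carry two details that are easy to get wrong from memory: generating the private key under `umask 0077`, and deleting `peer_A.key` once it has been encrypted with agenix. Nothing in this commit replaces them, so consider turning the procedure into a devshell command next to `update`, or keep this file.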