about summary refs log tree commit diff
path: root/hosts/tahoe
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/tahoe')
-rw-r--r--hosts/tahoe/boot.nix30
-rw-r--r--hosts/tahoe/default.nix73
-rw-r--r--hosts/tahoe/hardware.nix58
-rw-r--r--hosts/tahoe/home.nix8
-rw-r--r--hosts/tahoe/secrets/acme/credentials.age11
-rw-r--r--hosts/tahoe/secrets/acme/gcp_service_account.json.agebin2795 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/gandi/apikey.age11
-rw-r--r--hosts/tahoe/secrets/restic/repo-systems.age14
-rw-r--r--hosts/tahoe/secrets/rsync.net/ssh-key.agebin906 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/secrets.nix38
-rw-r--r--hosts/tahoe/secrets/sendsms/config.age12
-rw-r--r--hosts/tahoe/secrets/syncthing/cert.agebin1325 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/syncthing/key.age14
-rw-r--r--hosts/tahoe/secrets/unifi/unifi-poller.agebin430 -> 0 bytes
-rw-r--r--hosts/tahoe/secrets/wireguard_privatekey.age12
-rw-r--r--hosts/tahoe/services.nix21
16 files changed, 0 insertions, 302 deletions
diff --git a/hosts/tahoe/boot.nix b/hosts/tahoe/boot.nix
deleted file mode 100644
index 89bd672..0000000
--- a/hosts/tahoe/boot.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config, ... }:
-
-{
-  boot = {
-    kernelParams = [
-      # get an IP address on boot, so we can unlock the root disk remotely
-      "ip=dhcp"
-      # rotate the screen 90 degree counter clockwise
-      "fbcon=rotate:1"
-    ];
-    initrd = {
-      # driver for the NIC, required in order to get an IP address
-      kernelModules = [ "r8169" ];
-      network = {
-        enable = true;
-        postCommands = ''
-          echo "cryptsetup-askpass; exit" > /root/.profile
-        '';
-        ssh = {
-          enable = true;
-          port = 2222;
-          hostKeys =
-            [ /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key ];
-          authorizedKeys =
-            config.users.users.fcuny.openssh.authorizedKeys.keys;
-        };
-      };
-    };
-  };
-}
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
deleted file mode 100644
index 0f955f9..0000000
--- a/hosts/tahoe/default.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, pkgs, hostname, lib, self, ... }:
-let
-  secrets = config.age.secrets;
-in
-{
-  imports = [
-    ./boot.nix
-    ./hardware.nix
-    ./services.nix
-    "${self}/profiles/btrfs.nix"
-    "${self}/profiles/nas.nix"
-    "${self}/profiles/acme.nix"
-    "${self}/profiles/nginx.nix"
-    "${self}/profiles/samba.nix"
-    "${self}/profiles/backup.nix"
-    "${self}/profiles/git-server.nix"
-    "${self}/profiles/music-server.nix"
-    "${self}/profiles/hardware/amd.nix"
-    "${self}/profiles/monitoring/exporter.nix"
-  ];
-
-  # Use systemd-networkd for networking
-  systemd.network.enable = true;
-  systemd.network.networks.enp42s0 = {
-    matchConfig.Name = "enp42s0";
-    networkConfig.DHCP = "yes";
-    dhcpV4Config = {
-      UseDNS = "yes";
-      UseDomains = "yes";
-    };
-  };
-
-  systemd.network.networks.enp33s0f1 = {
-    matchConfig.Name = "enp33s0f1";
-    networkConfig.DHCP = "yes";
-    dhcpV4Config = {
-      UseDNS = "yes";
-      UseDomains = "yes";
-    };
-  };
-
-  networking.useNetworkd = true;
-  networking.useDHCP = false;
-  networking.firewall.enable = false;
-  networking.private-wireguard.enable = true;
-
-  services.nscd.enable = false;
-  system.nssModules = lib.mkForce [ ];
-
-  my.services.backup = {
-    enable = true;
-    repository = "/data/slow/backups/hosts/${config.networking.hostName}";
-    timerConfig = { OnCalendar = "00:15"; };
-    passwordFile = secrets."restic/repo-systems".path;
-    paths =
-      [
-        "/data/fast/music"
-        "/data/fast/photos"
-        "/home/fcuny/documents"
-        "/home/fcuny/workspace"
-        "/home/fcuny/media"
-      ];
-    exclude = [ ];
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.11"; # Did you read the comment?
-}
diff --git a/hosts/tahoe/hardware.nix b/hosts/tahoe/hardware.nix
deleted file mode 100644
index 5f14ab6..0000000
--- a/hosts/tahoe/hardware.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules =
-    [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
-    fsType = "btrfs";
-    options = [ "subvol=nixos" ];
-  };
-
-  boot.initrd.luks.devices."system".allowDiscards = true;
-  boot.initrd.luks.devices."system".device =
-    "/dev/disk/by-uuid/0d11e090-d88f-4313-8a41-8ef52eea0870";
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
-    fsType = "btrfs";
-    options = [ "subvol=home" ];
-  };
-
-  fileSystems."/.snapshots" = {
-    device = "/dev/disk/by-uuid/128c2a5e-48f6-4d94-b196-fb5db500b36d";
-    fsType = "btrfs";
-    options = [ "subvol=snapshots" ];
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/CBB9-B788";
-    fsType = "vfat";
-  };
-
-  fileSystems."/data/fast" = {
-    device = "/dev/disk/by-uuid/b9290b55-8ff6-4bd0-843d-a9e6f7a4df59";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices."raid-fast".device =
-    "/dev/disk/by-id/md-name-nixos:fast";
-
-  fileSystems."/data/slow" = {
-    device = "/dev/disk/by-uuid/0f16db51-0ee7-48d8-9e48-653b85ecbf0a";
-    fsType = "btrfs";
-  };
-
-  boot.initrd.luks.devices."raid-slow".device =
-    "/dev/disk/by-id/md-name-nixos:slow";
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/0f54b5ab-4fca-4c5a-a9eb-622553145163"; }];
-}
diff --git a/hosts/tahoe/home.nix b/hosts/tahoe/home.nix
deleted file mode 100644
index 9177e59..0000000
--- a/hosts/tahoe/home.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, self, ... }:
-
-{
-  imports = [
-    "${self}/home/profiles/home.nix"
-    "${self}/home/profiles/nas.nix"
-  ];
-}
diff --git a/hosts/tahoe/secrets/acme/credentials.age b/hosts/tahoe/secrets/acme/credentials.age
deleted file mode 100644
index 62f2d8e..0000000
--- a/hosts/tahoe/secrets/acme/credentials.age
+++ /dev/null
@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> X25519 I1SRmXG3GfJFAaDuRFGBemlt2hgJZXgZVPcde35p9wU
-2A2DJQAtKk6oKMA0vVkyYI0+xgrXAQs5iwlCTeWONNM
--> X25519 ynhAKOCdwDX+vGmQZeHiUNsXWBg44ngl15kONGIgIBs
-RKIKJ+1bRdHcGt2dItang021tvwMtlyYYj/ho49tsao
--> X25519 7HjxRbuBB4JzR0OGOd6oWG4NOz33NkbgI/dOQAwxoTs
-a1mIT+Eoxcxr5Za0t3E85y983qCRUKRR/Df/m0qDp6M
--> *.ZS)?-grease # s5)@_oL
-Px5WZ6pr5T9P+HQLBfThzAneTtDKEMxOUQ
---- M3B2AdTnZ6Cv9CG2IknMfUgonbYzhVQNCFPJUbvUfk8
-j/tnjPׇ!yOZ+>o'yAK1F<4%R4BQ
JN[>SNBDcVScc:1@4OxÊLB
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/acme/gcp_service_account.json.age b/hosts/tahoe/secrets/acme/gcp_service_account.json.age
deleted file mode 100644
index 861220a..0000000
--- a/hosts/tahoe/secrets/acme/gcp_service_account.json.age
+++ /dev/null
Binary files differdiff --git a/hosts/tahoe/secrets/gandi/apikey.age b/hosts/tahoe/secrets/gandi/apikey.age
deleted file mode 100644
index 3f35522..0000000
--- a/hosts/tahoe/secrets/gandi/apikey.age
+++ /dev/null
@@ -1,11 +0,0 @@
-age-encryption.org/v1
--> X25519 jMYhTKmWi5riTgT9QQVOlzlIegqM1MI2QtJbOonsL2E
-bM9xqcJc41bKs0as9lIQQQGZhB5cmaZtO1fHCsrMR9M
--> X25519 3xMvuIuRGXBp/gbv+aZpjkp6wLw6hyRAqBIe/Pf+Szo
-2X45mDvLNcDOntT4JgZUFHpnlShm3UYv7gCpHGaj4Fo
--> X25519 xemfO0+4pS8WG/7QoIIqULZ/xN+C0l+LbBgv4QIdcQU
-VfoMT93/3hTZdPo4ALCaEZrIO3bHhsoxCwf6DyXPwvI
--> s06@-grease .@\9Og@9 7yCI nS'`(65/
-W1seHOnAnPFF8BB6uqQKv8JwpmoNCU93i06VtxuuHiaeGrlXNPiF0ikD/mysdA
---- dpDFFk5ZPUwQZp96fpS85eZCVELD4GB1uwl/8ev5moA
-⇼?Zu>x3d[sLٵ)|[z1#cѨ3BHLw҂]$.
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/restic/repo-systems.age b/hosts/tahoe/secrets/restic/repo-systems.age
deleted file mode 100644
index e3e975e..0000000
--- a/hosts/tahoe/secrets/restic/repo-systems.age
+++ /dev/null
@@ -1,14 +0,0 @@
-age-encryption.org/v1
--> X25519 9ic8vm8qcpzWoqMDi6eN1dIM8v8ENzdrU9ef/hYptgo
-vRrH93V+KVEfjWcZGTO4jvuE9vItKs2JC0LoXmEo5J0
--> X25519 oKF2qEVOVa1FvaiAmm+8poCTM6TCNkAkKlu9LjdnPQY
-sJAs8bVoJKWyO1doUkY7Ppky3Q8u3JMP99Pcwtcwrk8
--> X25519 5jPqZeXJPZVD6YEkF/JuLyZDc1z6dOfkNTXV6w1R62M
-fZKW+cqYJBAcA2H0mDGsKFaAMbdHe8p7hF+y1IjobVs
--> /-grease zG>:_b
-rUaFTPq15hon1gmx7J0IGytSHoqQceYGL2XB6h00RdWZuanXZI1F2hWbEvgWFIqB
-xXxPJ4Le
---- wrrYjOQ0i4YtHfNs2g594CFVLTAKfMRJCptxZ12YkYM
->襝%@xV1sJ`'C
-6/b֖xVؠW(
-,8
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/rsync.net/ssh-key.age b/hosts/tahoe/secrets/rsync.net/ssh-key.age
deleted file mode 100644
index d7c721a..0000000
--- a/hosts/tahoe/secrets/rsync.net/ssh-key.age
+++ /dev/null
Binary files differdiff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
deleted file mode 100644
index d8283fe..0000000
--- a/hosts/tahoe/secrets/secrets.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-let
-  root = "age1nxwgdy3p9fft0zsae440wyulknf5rk82s0wnxssrpxu4nezysa4qexcvpl";
-  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
-  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
-  all = [ root fcuny backup ];
-in
-{
-  "wireguard_privatekey.age".publicKeys = all;
-
-  "acme/credentials.age".publicKeys = all;
-  "acme/gcp_service_account.json.age" = {
-    publicKeys = all;
-    owner = "acme";
-  };
-
-  "syncthing/key.age" = {
-    publicKeys = all;
-    owner = "fcuny";
-  };
-
-  "syncthing/cert.age" = {
-    publicKeys = all;
-    owner = "fcuny";
-  };
-
-  "unifi/unifi-poller.age" = {
-    publicKeys = all;
-    owner = "unpoller-exporter";
-  };
-
-  "gandi/apikey.age" = {
-    publicKeys = all;
-    owner = "acme";
-  };
-
-  "restic/repo-systems.age".publicKeys = all;
-  "rsync.net/ssh-key.age".publicKeys = all;
-}
diff --git a/hosts/tahoe/secrets/sendsms/config.age b/hosts/tahoe/secrets/sendsms/config.age
deleted file mode 100644
index ecc0845..0000000
--- a/hosts/tahoe/secrets/sendsms/config.age
+++ /dev/null
@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> X25519 Zjg3+y6mTEnsr8yCDyLBk+Z6QlSzHey7zndDYTaMfG4
-iXuA53MwZevEyGaYXQU1tzh14A5YCKpA2yJjFNggkOA
--> X25519 FIxTPWtuK2265U+tv/lxypDny+WqPTYlbAcv9FXrzjg
-0Xj8azxb+63MyopqX/cedwsvtFNeQdoyhUmiUjZiK40
--> X25519 ev4WoBl4Jot56FFz/8D+sVThLVE2x2ZN41WVWESP0yk
-vPW/CPecXPoYy9DrbhHkg030TCspZlRyK3x8vHcK5JI
--> a-grease if{suxQ- 9Ls &_~KF%=
-dkuZH7Yp/LW7XONo9KhJ1RLUVUgH0IrIs/+6y6RfIxUTqQcMU2o
---- ddHv1vU3hd13grUfTVlbut4JBRt1RVT2oU6HXKlOBDU
-~Tk<$U;$k俸Bg̘h	ʐ
-~[x(74TpݿUu%7RkPt.¡=iUHg
K!jCl U6ax<t3>8ҋeaE#o?yV8u,yH6<i‘>=m
\*f(m2R'B8[p(q
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/syncthing/cert.age b/hosts/tahoe/secrets/syncthing/cert.age
deleted file mode 100644
index cbc59bd..0000000
--- a/hosts/tahoe/secrets/syncthing/cert.age
+++ /dev/null
Binary files differdiff --git a/hosts/tahoe/secrets/syncthing/key.age b/hosts/tahoe/secrets/syncthing/key.age
deleted file mode 100644
index d8f21e1..0000000
--- a/hosts/tahoe/secrets/syncthing/key.age
+++ /dev/null
@@ -1,14 +0,0 @@
-age-encryption.org/v1
--> X25519 Y52YsCYjJDZKhCIu+7kTs6jxJjwW6m84yTFX58jyt34
-4GHnB54xrAVyU0oxZhl+wnL296HA4AXPmMRzuZmOGkA
--> X25519 vKd7jTrBShvHFFY67+xooWxDtmNYbc2Fh2G/cYV0tmo
-CWBEcJTVuHZy9tSIcq7RSQKhvEmcJr6CT1T36e2//D0
--> X25519 tq3r1Zdz7QJdHjE8ly9Uzw54jkAyq63D6iw2JXpUDWk
-ktxqJh7S1kH47G77mUB31IKrY8eHpW9huRVOoxPPOd4
--> -pi[:-grease zVwevS
-mO8
---- EBzdJICAmJmFzQ1pqU1eyGLBBcYc4DMqAgxJq25/hzg
-SW Eo96GcC
-?}d`:֟tu왾xRvmS:0Ŷa^zS
-J`{o oUtfTA,tLߐsOCyPg5O4(R ;`qksnT_d3AG[lAϪifsa	ҙEVsPr:bṆoƺ3pɪ(:.Lc}46<m*trM l>VV!:

--rG$YM7X}ljrL4zb24z
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/unifi/unifi-poller.age b/hosts/tahoe/secrets/unifi/unifi-poller.age
deleted file mode 100644
index 0bba247..0000000
--- a/hosts/tahoe/secrets/unifi/unifi-poller.age
+++ /dev/null
Binary files differdiff --git a/hosts/tahoe/secrets/wireguard_privatekey.age b/hosts/tahoe/secrets/wireguard_privatekey.age
deleted file mode 100644
index f08c7aa..0000000
--- a/hosts/tahoe/secrets/wireguard_privatekey.age
+++ /dev/null
@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> X25519 eyw1uK0XuDb6Iaq8pY4VUQNbEKSmj2JltoXIlqUWsn8
-ZzfbNdgoYIvWSeLNyUoitEFvueZiPlYUrsLJzGlUp30
--> X25519 WcbSf4EMR2Bhn1lkkvGlb6NFG3vdVp/KOSO7m4dLRAc
-3rNJ7W5idYYpNr1pavUeGtfT30whV+b2htBjQSE3jlc
--> X25519 v5INWoeE7B+cdBuOWGkJ6qITX4O0cuLPEZjFV7JpEXE
-D9sbaowN+HsnjVW3qyLiO2XeXudFT0BlFtUAaz1oWxE
--> x-grease x
-CQMrW2t0tVTjuvj+otbdZS/sxUGHDqDoyMVyAkVYhOfpxm8lZCVVlwXPhe6HEufB
-oSG6QFkJ8BrPIKn2XA
---- /XVESiNkDBYD0NYoXQhomrWbAC7RufQusQ9lAj8Jgzs
-$?i1-*W<9i)thXK9XsE#PX$ 8QqfFozqgr^}
\ No newline at end of file
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
deleted file mode 100644
index 1159cb1..0000000
--- a/hosts/tahoe/services.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ self, config, ... }:
-let secrets = config.age.secrets;
-in
-{
-  # this unit is broken and useless. I don't know how to not install
-  # it, so let's mask it.
-  systemd.services.mdmonitor.enable = false;
-
-  my.services = {
-    monitoring = {
-      prometheus = {
-        enable = true;
-        listenAddress = "192.168.6.40";
-      };
-      grafana = {
-        enable = true;
-        vhostName = "dash.${config.homelab.domain}";
-      };
-    };
-  };
-}