Diffstat (limited to 'nix/hosts')
-rw-r--r--nix/hosts/nixos/default.nix6
-rw-r--r--nix/hosts/nixos/packages.nix9
-rw-r--r--nix/hosts/nixos/user.nix19
-rw-r--r--nix/hosts/nixos/vm/default.nix19
-rw-r--r--nix/hosts/nixos/vm/hardware.nix14
-rw-r--r--nix/hosts/nixos/wildcat/configuration.nix140
-rw-r--r--nix/hosts/nixos/wildcat/default.nix18
-rw-r--r--nix/hosts/nixos/wildcat/hardware.nix29
-rw-r--r--nix/hosts/nixos/wildcat/networking.nix51
9 files changed, 0 insertions, 305 deletions
diff --git a/nix/hosts/nixos/default.nix b/nix/hosts/nixos/default.nix
deleted file mode 100644
index abfb3a7..0000000
--- a/nix/hosts/nixos/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
-  imports = [
-    ./packages.nix
-    ./user.nix
-  ];
-}
diff --git a/nix/hosts/nixos/packages.nix b/nix/hosts/nixos/packages.nix
deleted file mode 100644
index 8e807c6..0000000
--- a/nix/hosts/nixos/packages.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }: {
-  environment = {
-    systemPackages = with pkgs; [
-      git
-      jq
-      vim
-    ];
-  };
-}
diff --git a/nix/hosts/nixos/user.nix b/nix/hosts/nixos/user.nix
deleted file mode 100644
index 47c2267..0000000
--- a/nix/hosts/nixos/user.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }: {
-  users.users.fcuny = {
-    uid = 1000;
-    isNormalUser = true;
-    extraGroups = [ "git" "wheel" ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP4IsfG32WsmXJNcjsmuahhBHFQ6NulngEMaxcvDd/C"
-    ];
-  };
-
-  security.sudo.extraRules = [{
-    groups = [ "wheel" ];
-    commands = [{
-      command = "ALL";
-      options = [ "NOPASSWD" ];
-    }];
-  }];
-}
diff --git a/nix/hosts/nixos/vm/default.nix b/nix/hosts/nixos/vm/default.nix
deleted file mode 100644
index f4a51aa..0000000
--- a/nix/hosts/nixos/vm/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }: {
-  imports = [ ./hardware.nix ];
-
-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = false;
-
-  networking = {
-    hostName = "nixos";
-    domain = "";
-  };
-
-  services.openssh.enable = true;
-
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
-  ];
-
-  system.stateVersion = "23.11";
-}
diff --git a/nix/hosts/nixos/vm/hardware.nix b/nix/hosts/nixos/vm/hardware.nix
deleted file mode 100644
index 89c3d8b..0000000
--- a/nix/hosts/nixos/vm/hardware.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-  boot.loader.grub = {
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-    device = "nodev";
-  };
-  fileSystems."/boot" = { device = "/dev/disk/by-uuid/E783-E9AE"; fsType = "vfat"; };
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
-  boot.initrd.kernelModules = [ "nvme" ];
-  fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
-  swapDevices = [{ device = "/dev/vda3"; }];
-}
diff --git a/nix/hosts/nixos/wildcat/configuration.nix b/nix/hosts/nixos/wildcat/configuration.nix
deleted file mode 100644
index b74f522..0000000
--- a/nix/hosts/nixos/wildcat/configuration.nix
+++ /dev/null
@@ -1,140 +0,0 @@
-{ lib, pkgs, ... }: {
-  security.acme = {
-    defaults.email = "acme@fcuny.net";
-    acceptTerms = true;
-  };
-
-  # FIXME: I also ran the following as the git user:
-  # git config --global init.defaultBranch main
-  # to ensure that new repositories are created with the default
-  # branch set to `main'.
-  # TODO(fcuny): I could create the configuration file to set the default branch
-  services.gitolite = {
-    enable = true;
-    adminPubkey =
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
-    user = "git";
-    group = "git";
-    extraGitoliteRc = ''
-      # Make dirs/files group readable, needed for webserver/cgit. (Default
-      # setting is 0077.)
-      $RC{UMASK} = 0027;
-      $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
-      $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
-      push( @{$RC{ENABLE}}, 'symbolic-ref' );
-    '';
-  };
-
-  services.cgit.main = {
-    enable = true;
-    package = pkgs.cgit-pink;
-    user = "git";
-    group = "git";
-    nginx.virtualHost = "git.fcuny.net";
-    scanPath = "/var/lib/gitolite/repositories";
-    settings = {
-      css = "/cgit.css";
-      logo = "/cgit.png";
-      favicon = "/favicon.ico";
-      robots = "noindex, nofollow";
-      readme = ":README.md";
-      project-list = "/var/lib/gitolite/projects.list";
-      about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
-      source-filter =
-        "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
-      clone-url =
-        (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
-      enable-log-filecount = 1;
-      enable-log-linecount = 1;
-      enable-git-config = 1;
-      enable-blame = 1;
-      enable-commit-graph = 1;
-      enable-follow-links = 1;
-      enable-index-links = 1;
-      enable-remote-branches = 1;
-      enable-subject-links = 1;
-      enable-tree-linenumbers = 1;
-      max-atom-items = 108;
-      max-commit-count = 250;
-      max-repo-count = 500;
-      repository-sort = "age";
-      snapshots = "tar.gz";
-      root-title = "¯\\_(ツ)_/¯";
-      root-desc = "source code of my various projects";
-    };
-  };
-
-  virtualisation.oci-containers.containers.excalidraw = {
-    autoStart = true;
-    image = "excalidraw/excalidraw:latest";
-    environment = { TZ = "America/Los_Angeles"; };
-    ports = [ "127.0.0.1:3030:80" ];
-    extraOptions = [ "--pull=always" ];
-  };
-
-  services.nginx = {
-    enable = true;
-
-    recommendedProxySettings = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedTlsSettings = true;
-
-    virtualHosts = {
-      "fcuny.net" = {
-        # make it the default site: if a request goes through nginx
-        # without a host header, this will be the default site we serve
-        # for that request.
-        default = true;
-        forceSSL = true;
-        enableACME = true;
-        locations = {
-          "/" = { root = "/srv/www/fcuny.net"; };
-          "/.well-known/acme-challenge" = {
-            root = "/var/lib/acme/acme-challenges";
-          };
-        };
-      };
-      "git.fcuny.net" = {
-        forceSSL = true;
-        enableACME = true;
-        locations = {
-          "/.well-known/acme-challenge" = {
-            root = "/var/lib/acme/acme-challenges";
-          };
-        };
-      };
-      "draw.fcuny.net" = {
-        forceSSL = true;
-        enableACME = true;
-        locations = {
-          "/".proxyPass = "http://127.0.0.1:3030";
-          "/.well-known/acme-challenge" = {
-            root = "/var/lib/acme/acme-challenges";
-          };
-        };
-      };
-    };
-  };
-
-  services.restic.backups.git = {
-    user = "fcuny";
-    passwordFile = "/etc/restic.pw";
-    repository = "/srv/backups/git";
-    initialize = true;
-    paths = [ "/var/lib/gitolite" ];
-    exclude = [
-      "/var/lib/gitolite/.bash_history"
-      "/var/lib/gitolite/.ssh"
-      "/var/lib/gitolite/.viminfo"
-    ];
-    extraBackupArgs = [ "--exclude-caches" "--compression=max" ];
-    timerConfig = { OnCalendar = "*:0/30"; };
-    pruneOpts = [
-      "--keep-hourly 36"
-      "--keep-daily 7"
-      "--keep-weekly 4"
-      "--keep-monthly 3"
-    ];
-  };
-}
diff --git a/nix/hosts/nixos/wildcat/default.nix b/nix/hosts/nixos/wildcat/default.nix
deleted file mode 100644
index 7bde471..0000000
--- a/nix/hosts/nixos/wildcat/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ ... }: {
-
-  imports = [ ./hardware.nix ./networking.nix ./configuration.nix ];
-
-  boot.tmp.cleanOnBoot = true;
-  zramSwap.enable = true;
-
-  networking.hostName = "fcuny";
-  networking.domain = "net";
-
-  services.openssh.enable = true;
-
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
-  ];
-
-  system.stateVersion = "23.11";
-}
diff --git a/nix/hosts/nixos/wildcat/hardware.nix b/nix/hosts/nixos/wildcat/hardware.nix
deleted file mode 100644
index 351c991..0000000
--- a/nix/hosts/nixos/wildcat/hardware.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
-  boot.initrd.availableKernelModules = [
-    "ata_piix"
-    "uhci_hcd"
-    "xen_blkfront"
-    "vmw_pvscsi"
-  ];
-
-  boot.loader.grub = {
-    enable = true;
-    device = "/dev/sda";
-  };
-
-  boot.initrd.kernelModules = [ "nvme" ];
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/sda1";
-      fsType = "ext4";
-    };
-    "/srv" = {
-      device = "/dev/disk/by-id/scsi-0HC_Volume_101115314";
-      fsType = "ext4";
-    };
-  };
-}
diff --git a/nix/hosts/nixos/wildcat/networking.nix b/nix/hosts/nixos/wildcat/networking.nix
deleted file mode 100644
index c0b4bd0..0000000
--- a/nix/hosts/nixos/wildcat/networking.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ lib, ... }: {
-  # This file was populated at runtime with the networking
-  # details gathered from the active system.
-  networking = {
-    nameservers =
-      [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ];
-    defaultGateway = "172.31.1.1";
-    defaultGateway6 = {
-      address = "fe80::1";
-      interface = "eth0";
-    };
-    dhcpcd.enable = false;
-    usePredictableInterfaceNames = lib.mkForce false;
-    interfaces = {
-      eth0 = {
-        ipv4.addresses = [{
-          address = "5.78.87.68";
-          prefixLength = 32;
-        }];
-        ipv6.addresses = [
-          {
-            address = "2a01:4ff:1f0:d1a3::1";
-            prefixLength = 64;
-          }
-          {
-            address = "fe80::9400:3ff:fe98:d6dc";
-            prefixLength = 64;
-          }
-        ];
-        ipv4.routes = [{
-          address = "172.31.1.1";
-          prefixLength = 32;
-        }];
-        ipv6.routes = [{
-          address = "fe80::1";
-          prefixLength = 128;
-        }];
-      };
-
-    };
-    firewall.allowedTCPPorts = [
-      22 # ssh
-      80 # nginx
-      443 # nginx
-    ];
-  };
-  services.udev.extraRules = ''
-    ATTR{address}=="96:00:03:98:d6:dc", NAME="eth0"
-
-  '';
-}