chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

flake: Decomission lasting-integrity and urithiru
Some checks failed
Cachix / build (kholinar) (push) Waiting to run
Details
Cachix / build (lasting-integrity) (push) Waiting to run
Details
Cachix / build (marabethia) (push) Waiting to run
Details
Cachix / build (urithiru) (push) Waiting to run
Details
Cachix / build (elendel) (push) Has been cancelled
Details

Browse source
This commit is contained in:
Charlotte Van Petegem 2024-12-04 15:36:24 +01:00
parent 8a82db6a76
commit 1cd6ebd88c
10 changed files with 1 additions and 282 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -191,9 +191,7 @@
nixosConfigurations = {
elendel = nixosSystem "x86_64-linux" "elendel";
kholinar = nixosSystem "x86_64-linux" "kholinar";
lasting-integrity = nixosSystem "x86_64-linux" "lasting-integrity";
marabethia = nixosSystem "x86_64-linux" "marabethia";
urithiru = nixosSystem "x86_64-linux" "urithiru";
};
darwinConfigurations.thaylen-city = darwinSystem "aarch64-darwin" "thaylen-city";
lsShells = builtins.readDir ./shells;

44
machines/lasting-integrity/default.nix
View file

@ -1,44 +0,0 @@
{ pkgs, ... }:
{
imports = [ ./hardware.nix ];
time.timeZone = "Europe/Berlin";
networking.hostId = "b352adfe";
# Machine-specific module settings
chvp = {
stateVersion = "20.09";
base = {
network = {
ovh = {
enable = true;
publicIPV4 = {
ip = "54.38.222.69";
gateway = "54.38.222.254";
};
publicIPV6 = {
ip = "2001:41d0:0700:1445::";
gateway = "2001:41d0:0700:14ff:ff:ff:ff:ff";
};
internalIPV4 = "192.168.0.2";
};
};
nix.enableDirenv = false;
zfs = {
enable = true;
backups = [
{
path = "zroot/safe/data";
remotePath = "zdata/recv/lasting-integrity/safe/data";
fast = true;
location = "192.168.0.1";
}
];
rootDataset = "zroot/local/root";
rootPool = "zroot";
};
};
};
}

77
machines/lasting-integrity/hardware.nix
View file

@ -1,77 +0,0 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
};
kernelModules = [ "kvm-intel" ];
};
fileSystems = {
"/" = {
device = "zroot/local/root";
fsType = "zfs";
neededForBoot = true;
};
"/nix" = {
device = "zroot/local/nix";
fsType = "zfs";
neededForBoot = true;
};
"/nix/store" = {
device = "zroot/local/nix-store";
fsType = "zfs";
neededForBoot = true;
};
"/data" = {
device = "zroot/safe/data";
fsType = "zfs";
neededForBoot = true;
};
"/cache" = {
device = "zroot/safe/cache";
fsType = "zfs";
neededForBoot = true;
};
"/srv/data" = {
device = "zdata/data";
fsType = "zfs";
};
"/boot/ESP0" = {
device = "/dev/disk/by-uuid/BC0C-3065";
fsType = "vfat";
};
"/boot/ESP1" = {
device = "/dev/disk/by-uuid/BC67-2D0D";
fsType = "vfat";
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/7b9d63e0-5525-4022-9d1a-6c62d52dfb78"; }
{ device = "/dev/disk/by-uuid/2602f9a5-c42a-4514-bc4a-30fbb2c08ee9"; }
{ device = "/dev/disk/by-uuid/0f98f67f-227f-4a03-892d-d2dfd37e39ad"; }
{ device = "/dev/disk/by-uuid/c7bd8b09-45cb-42cd-b355-1a1f2ebde6d4"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = {
cpu.intel.updateMicrocode = true;
enableRedistributableFirmware = true;
};
services.fstrim.enable = true;
}

37
machines/urithiru/default.nix
View file

@ -1,37 +0,0 @@
{ lib, pkgs, nixosConfigurations, ... }:
{
imports = [ ./hardware.nix ];
time.timeZone = "Europe/Berlin";
networking.hostId = "079e60ba";
chvp = {
stateVersion = "20.09";
base = {
nix = {
enableDirenv = false;
slowGc = true;
};
network.ovh = {
enable = true;
publicIPV4 = {
ip = "193.70.44.178";
gateway = "193.70.44.254";
};
publicIPV6 = {
ip = "2001:41d0:0303:0ab2::";
gateway = "2001:41d0:0303:0aff:ff:ff:ff:ff";
};
internalIPV4 = "192.168.0.1";
};
zfs = {
enable = true;
backups = [ ];
rootDataset = "zroot/local/root";
rootPool = "zroot";
};
};
};
}

82
machines/urithiru/hardware.nix
View file

@ -1,82 +0,0 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
loader = {
grub = {
enable = true;
efiSupport = true;
mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot/ESP0"; }
{ devices = [ "nodev" ]; path = "/boot/ESP1"; }
];
};
efi.canTouchEfiVariables = true;
};
initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
kernelModules = [ "kvm-intel" ];
};
fileSystems = {
"/" = {
device = "zroot/local/root";
fsType = "zfs";
neededForBoot = true;
};
"/nix" = {
device = "zroot/local/nix";
fsType = "zfs";
neededForBoot = true;
};
"/nix/store" = {
device = "zroot/local/nix-store";
fsType = "zfs";
neededForBoot = true;
};
"/data" = {
device = "zroot/safe/data";
fsType = "zfs";
neededForBoot = true;
};
"/cache" = {
device = "zroot/safe/cache";
fsType = "zfs";
neededForBoot = true;
};
"/srv/data" = {
device = "zdata/data";
fsType = "zfs";
};
"/var/lib/accentor" = {
device = "zdata/big-apps/accentor";
fsType = "zfs";
};
"/boot/ESP0" = {
device = "/dev/disk/by-uuid/6ED1-0638";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
"/boot/ESP1" = {
device = "/dev/disk/by-uuid/6F25-C8B8";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/2b90207f-2d08-49aa-8a05-2c98c59224c1"; }
{ device = "/dev/disk/by-uuid/e1a09bfa-9253-44f4-8c02-cf11cbde5320"; }
{ device = "/dev/disk/by-uuid/860a9a86-7882-479c-8be8-f51a5edbf7f7"; }
{ device = "/dev/disk/by-uuid/088f30de-c76d-4843-ac62-8442852b372d"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = {
cpu.intel.updateMicrocode = true;
enableRedistributableFirmware = true;
};
services.fstrim.enable = true;
}

2
modules/darwin/base/wireguard/default.nix
View file

@ -9,7 +9,7 @@ in
# networking.wg-quick.interfaces."wg0" = {
# address = [ "${data.${config.networking.hostName}.ip}/32" ];
# autostart = true;
# dns = [ data.lasting-integrity.ip ];
# dns = [ data.marabethia.ip ];
# mtu = 1342;
# peers = [
# {

10
modules/shared/base/wireguard/default.nix
View file

@ -16,11 +16,6 @@ let
privkeyFile = config.age.secrets."files/wireguard/kholinar.privkey".path;
ip = "10.240.0.3";
};
lasting-integrity = {
pubkey = "mid3XfCY2jaNK0J6C9ltFLAbxL0IApwMw9K1Z+PU8C0=";
privkeyFile = config.age.secrets."files/wireguard/lasting-integrity.privkey".path;
ip = "10.240.0.6";
};
marabethia = {
pubkey = "h451oXBTzim1POLmnJC1OtFzbIXyxg6d5qpFFdHLbRs=";
privkeyFile = config.age.secrets."files/wireguard/marabethia.privkey".path;
@ -31,11 +26,6 @@ let
privkeyFile = config.age.secrets."files/wireguard/thaylen-city.privkey".path;
ip = "10.240.0.5";
};
urithiru = {
pubkey = "f4bnm/qNhMW5iXdQcBMmP8IUN6n+pDS15Ikct7QPr0E=";
privkeyFile = config.age.secrets."files/wireguard/urithiru.privkey".path;
ip = "10.240.0.2";
};
};
subnet = "10.240.0.0/24";
pskFile = config.age.secrets."files/wireguard/psk".path;

10
secrets.nix
View file

@ -1,24 +1,18 @@
let
elendel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZU5fDbqEkllipbknJy/Dm3Fcicb5gscVzmsFG/9RoA";
kholinar = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOL8MzChayhcVTfZvE3/ExwXpq2+LbihjzUVlKeIGoOL";
lasting-integrity = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKJmeY7j5LxWVv3fKzqG4Bvg/ZhOp8iwk0utpyMWMSk";
marabethia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUP1r937+PLiqdyUuqbYoyAs04/2AxuXS13grU+fvpA";
thaylen-city = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/sIkgf7aYX/JcWWp/dCHgq7sJ5WDYYyWSn3DvkW4gB";
urithiru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrzOpyzDc5BVtAeb5//PnMRcp+9B+DjfU7p2YpaH6a2";
nixosHosts = [
elendel
kholinar
lasting-integrity
marabethia
urithiru
];
hosts = [
elendel
kholinar
lasting-integrity
marabethia
thaylen-city
urithiru
];
nixosPersonals = [
kholinar
@ -29,9 +23,7 @@ let
];
servers = [
elendel
lasting-integrity
marabethia
urithiru
];
charlotte = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDb17zAg3zwvdYHNZqXSGYKseCz5281Ha6oOYPbwFYD"
@ -93,10 +85,8 @@ in
"secrets/files/wireguard/elendel.privkey.age".publicKeys = [ elendel ] ++ users;
"secrets/files/wireguard/kholinar.privkey.age".publicKeys = [ kholinar ] ++ users;
"secrets/files/wireguard/lasting-integrity.privkey.age".publicKeys = [ lasting-integrity ] ++ users;
"secrets/files/wireguard/marabethia.privkey.age".publicKeys = [ marabethia ] ++ users;
"secrets/files/wireguard/thaylen-city.privkey.age".publicKeys = [ thaylen-city ] ++ users;
"secrets/files/wireguard/urithiru.privkey.age".publicKeys = [ urithiru ] ++ users;
"secrets/files/wireguard/psk.age".publicKeys = hosts ++ users;
"secrets/data-access/ssh_host_rsa_key.age".publicKeys = [ elendel ] ++ users;

10
secrets/files/wireguard/lasting-integrity.privkey.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 hKAFvQ ShoIptYiJb1oAfDEeRjof9l+WtxbiXCIfmcAqLSinhs
pJi/7KAzsMHdHl/H4CErufITEyDgLjURQsQEs2oVbD8
-> ssh-ed25519 s9rb8g L1n/wTrTJe2zIrY2RDJqliQA2suPjtE9Ap1hllwLtnA
IaWa25obzFz9DiPkX+hgsznowAhAJ/wKYJ1YeSn04eA
-> ssh-ed25519 +xxExQ ndFyx+OXyXlENpBCYxHJ4bw+FQW7P53hXJ2nyod46T8
g22SWeTUmS5WdX+283iYFAo+yCnDFVkRk6g2kJ03PBE
--- cra4y/CC9qs8eERUAXZm1Y8l2DS6Z+Apt+zc8g2kdSY
+•[ÛÇX
yŸqþ2Bè—ÉÔZ…Ÿ¶}6£Ûü/ú¯ãH7HÓf ‰vD ?Ü´¥uè<C3A8>x@Ø™3"<ØaŸÑ—BzœO˜d£n“%

9
secrets/files/wireguard/urithiru.privkey.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 9PfEBQ 2VzdoRBxA3+0ZHYzvkl9LK/zSP8E5aPzYPm9fKDDh2o
OowRV+K+e/I21vHbAZkHBYkoBKAq3Czmha6k7E4T3xQ
-> ssh-ed25519 s9rb8g 3N711/TmS4oti9LGWMGUSWnVALMtZgeqklIsvQp4Kgg
sk1l1RjizAuAfVTqIgGNyRAV0HzylFu6unHhvdDnVPE
-> ssh-ed25519 +xxExQ gZfXIgpEw9PEgE4mAYhCoKpDb7h0a+GHrJ5BhPDAA2s
eKL17simjYqKaEbp4KsZMM4BqSPumgdXVBbSxMnWqIE
--- kSO1jr8cCdu+ZbMXYWQRrPUKg2e5vzmGGAmZl6mOw2M
(½›Þ´ –šO™Ôl'ÃZ8U?J§£—SLs÷PÞ[ù¯\Û¡|ǺŠ„‰åº!Ç$ÖzUØ…Šª·[EÌŸæX‡p&]ˆÝ