From 1cd6ebd88cb83d0742e6bf4acf8459d5b3b52864 Mon Sep 17 00:00:00 2001
From: Charlotte Van Petegem
Date: Wed, 4 Dec 2024 15:36:24 +0100
Subject: [PATCH] flake: Decomission lasting-integrity and urithiru
---
 flake.nix | 2 -
 machines/lasting-integrity/default.nix | 44 ----------
 machines/lasting-integrity/hardware.nix | 77 -----------------
 machines/urithiru/default.nix | 37 ---------
 machines/urithiru/hardware.nix | 82 -------------------
 modules/darwin/base/wireguard/default.nix | 2 +-
 modules/shared/base/wireguard/default.nix | 10 ---
 secrets.nix | 10 ---
 .../wireguard/lasting-integrity.privkey.age | 10 ---
 secrets/files/wireguard/urithiru.privkey.age | 9 --
 10 files changed, 1 insertion(+), 282 deletions(-)
 delete mode 100644 machines/lasting-integrity/default.nix
 delete mode 100644 machines/lasting-integrity/hardware.nix
 delete mode 100644 machines/urithiru/default.nix
 delete mode 100644 machines/urithiru/hardware.nix
 delete mode 100644 secrets/files/wireguard/lasting-integrity.privkey.age
 delete mode 100644 secrets/files/wireguard/urithiru.privkey.age
diff --git a/flake.nix b/flake.nix
index 93a7be36..640b4e6e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -191,9 +191,7 @@
 nixosConfigurations = {
 elendel = nixosSystem "x86_64-linux" "elendel";
 kholinar = nixosSystem "x86_64-linux" "kholinar";
- lasting-integrity = nixosSystem "x86_64-linux" "lasting-integrity";
 marabethia = nixosSystem "x86_64-linux" "marabethia";
- urithiru = nixosSystem "x86_64-linux" "urithiru";
 };
 darwinConfigurations.thaylen-city = darwinSystem "aarch64-darwin" "thaylen-city";
 lsShells = builtins.readDir ./shells;
diff --git a/machines/lasting-integrity/default.nix b/machines/lasting-integrity/default.nix
deleted file mode 100644
index 30284272..00000000
--- a/machines/lasting-integrity/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [ ./hardware.nix ];
-
- time.timeZone = "Europe/Berlin";
-
- networking.hostId = "b352adfe";
-
- # Machine-specific module settings
- chvp = {
- stateVersion = "20.09";
- base = {
- network = {
- ovh = {
- enable = true;
- publicIPV4 = {
- ip = "54.38.222.69";
- gateway = "54.38.222.254";
- };
- publicIPV6 = {
- ip = "2001:41d0:0700:1445::";
- gateway = "2001:41d0:0700:14ff:ff:ff:ff:ff";
- };
- internalIPV4 = "192.168.0.2";
- };
- };
- nix.enableDirenv = false;
- zfs = {
- enable = true;
- backups = [
- {
- path = "zroot/safe/data";
- remotePath = "zdata/recv/lasting-integrity/safe/data";
- fast = true;
- location = "192.168.0.1";
- }
- ];
- rootDataset = "zroot/local/root";
- rootPool = "zroot";
- };
- };
- };
-}
diff --git a/machines/lasting-integrity/hardware.nix b/machines/lasting-integrity/hardware.nix
deleted file mode 100644
index 061ef980..00000000
--- a/machines/lasting-integrity/hardware.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ lib, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- loader = {
- grub = {
- enable = true;
- efiSupport = true;
- mirroredBoots = [
- { devices = [ "nodev" ]; path = "/boot/ESP0"; }
- { devices = [ "nodev" ]; path = "/boot/ESP1"; }
- ];
- };
- efi.canTouchEfiVariables = true;
- };
- initrd = {
- availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
- };
- kernelModules = [ "kvm-intel" ];
- };
-
- fileSystems = {
- "/" = {
- device = "zroot/local/root";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/nix" = {
- device = "zroot/local/nix";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/nix/store" = {
- device = "zroot/local/nix-store";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/data" = {
- device = "zroot/safe/data";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/cache" = {
- device = "zroot/safe/cache";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/srv/data" = {
- device = "zdata/data";
- fsType = "zfs";
- };
- "/boot/ESP0" = {
- device = "/dev/disk/by-uuid/BC0C-3065";
- fsType = "vfat";
- };
- "/boot/ESP1" = {
- device = "/dev/disk/by-uuid/BC67-2D0D";
- fsType = "vfat";
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/7b9d63e0-5525-4022-9d1a-6c62d52dfb78"; }
- { device = "/dev/disk/by-uuid/2602f9a5-c42a-4514-bc4a-30fbb2c08ee9"; }
- { device = "/dev/disk/by-uuid/0f98f67f-227f-4a03-892d-d2dfd37e39ad"; }
- { device = "/dev/disk/by-uuid/c7bd8b09-45cb-42cd-b355-1a1f2ebde6d4"; }
- ];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
- hardware = {
- cpu.intel.updateMicrocode = true;
- enableRedistributableFirmware = true;
- };
- services.fstrim.enable = true;
-}
diff --git a/machines/urithiru/default.nix b/machines/urithiru/default.nix
deleted file mode 100644
index 674ae140..00000000
--- a/machines/urithiru/default.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ lib, pkgs, nixosConfigurations, ... }:
-
-{
- imports = [ ./hardware.nix ];
-
- time.timeZone = "Europe/Berlin";
-
- networking.hostId = "079e60ba";
-
- chvp = {
- stateVersion = "20.09";
- base = {
- nix = {
- enableDirenv = false;
- slowGc = true;
- };
- network.ovh = {
- enable = true;
- publicIPV4 = {
- ip = "193.70.44.178";
- gateway = "193.70.44.254";
- };
- publicIPV6 = {
- ip = "2001:41d0:0303:0ab2::";
- gateway = "2001:41d0:0303:0aff:ff:ff:ff:ff";
- };
- internalIPV4 = "192.168.0.1";
- };
- zfs = {
- enable = true;
- backups = [ ];
- rootDataset = "zroot/local/root";
- rootPool = "zroot";
- };
- };
- };
-}
diff --git a/machines/urithiru/hardware.nix b/machines/urithiru/hardware.nix
deleted file mode 100644
index 41715ffe..00000000
--- a/machines/urithiru/hardware.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ lib, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- loader = {
- grub = {
- enable = true;
- efiSupport = true;
- mirroredBoots = [
- { devices = [ "nodev" ]; path = "/boot/ESP0"; }
- { devices = [ "nodev" ]; path = "/boot/ESP1"; }
- ];
- };
- efi.canTouchEfiVariables = true;
- };
- initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
- kernelModules = [ "kvm-intel" ];
- };
-
- fileSystems = {
- "/" = {
- device = "zroot/local/root";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/nix" = {
- device = "zroot/local/nix";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/nix/store" = {
- device = "zroot/local/nix-store";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/data" = {
- device = "zroot/safe/data";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/cache" = {
- device = "zroot/safe/cache";
- fsType = "zfs";
- neededForBoot = true;
- };
- "/srv/data" = {
- device = "zdata/data";
- fsType = "zfs";
- };
- "/var/lib/accentor" = {
- device = "zdata/big-apps/accentor";
- fsType = "zfs";
- };
- "/boot/ESP0" = {
- device = "/dev/disk/by-uuid/6ED1-0638";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
- "/boot/ESP1" = {
- device = "/dev/disk/by-uuid/6F25-C8B8";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/2b90207f-2d08-49aa-8a05-2c98c59224c1"; }
- { device = "/dev/disk/by-uuid/e1a09bfa-9253-44f4-8c02-cf11cbde5320"; }
- { device = "/dev/disk/by-uuid/860a9a86-7882-479c-8be8-f51a5edbf7f7"; }
- { device = "/dev/disk/by-uuid/088f30de-c76d-4843-ac62-8442852b372d"; }
- ];
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
- hardware = {
- cpu.intel.updateMicrocode = true;
- enableRedistributableFirmware = true;
- };
- services.fstrim.enable = true;
-}
diff --git a/modules/darwin/base/wireguard/default.nix b/modules/darwin/base/wireguard/default.nix
index be683f24..7a5fdc90 100644
--- a/modules/darwin/base/wireguard/default.nix
+++ b/modules/darwin/base/wireguard/default.nix
@@ -9,7 +9,7 @@ in
 # networking.wg-quick.interfaces."wg0" = {
 # address = [ "${data.${config.networking.hostName}.ip}/32" ];
 # autostart = true;
- # dns = [ data.lasting-integrity.ip ];
+ # dns = [ data.marabethia.ip ];
 # mtu = 1342;
 # peers = [
 # {
diff --git a/modules/shared/base/wireguard/default.nix b/modules/shared/base/wireguard/default.nix
index 015a7f36..3ba3067a 100644
--- a/modules/shared/base/wireguard/default.nix
+++ b/modules/shared/base/wireguard/default.nix
@@ -16,11 +16,6 @@ let
 privkeyFile = config.age.secrets."files/wireguard/kholinar.privkey".path;
 ip = "10.240.0.3";
 };
- lasting-integrity = {
- pubkey = "mid3XfCY2jaNK0J6C9ltFLAbxL0IApwMw9K1Z+PU8C0=";
- privkeyFile = config.age.secrets."files/wireguard/lasting-integrity.privkey".path;
- ip = "10.240.0.6";
- };
 marabethia = {
 pubkey = "h451oXBTzim1POLmnJC1OtFzbIXyxg6d5qpFFdHLbRs=";
 privkeyFile = config.age.secrets."files/wireguard/marabethia.privkey".path;
@@ -31,11 +26,6 @@ let
 privkeyFile = config.age.secrets."files/wireguard/thaylen-city.privkey".path;
 ip = "10.240.0.5";
 };
- urithiru = {
- pubkey = "f4bnm/qNhMW5iXdQcBMmP8IUN6n+pDS15Ikct7QPr0E=";
- privkeyFile = config.age.secrets."files/wireguard/urithiru.privkey".path;
- ip = "10.240.0.2";
- };
 };
 subnet = "10.240.0.0/24";
 pskFile = config.age.secrets."files/wireguard/psk".path;
diff --git a/secrets.nix b/secrets.nix
index c857410e..b2af858e 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,24 +1,18 @@
 let
 elendel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZU5fDbqEkllipbknJy/Dm3Fcicb5gscVzmsFG/9RoA";
 kholinar = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOL8MzChayhcVTfZvE3/ExwXpq2+LbihjzUVlKeIGoOL";
- lasting-integrity = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKJmeY7j5LxWVv3fKzqG4Bvg/ZhOp8iwk0utpyMWMSk";
 marabethia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUP1r937+PLiqdyUuqbYoyAs04/2AxuXS13grU+fvpA";
 thaylen-city = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/sIkgf7aYX/JcWWp/dCHgq7sJ5WDYYyWSn3DvkW4gB";
- urithiru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrzOpyzDc5BVtAeb5//PnMRcp+9B+DjfU7p2YpaH6a2";
 nixosHosts = [
 elendel
 kholinar
- lasting-integrity
 marabethia
- urithiru
 ];
 hosts = [
 elendel
 kholinar
- lasting-integrity
 marabethia
 thaylen-city
- urithiru
 ];
 nixosPersonals = [
 kholinar
@@ -29,9 +23,7 @@ let
 ];
 servers = [
 elendel
- lasting-integrity
 marabethia
- urithiru
 ];
 charlotte = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDb17zAg3zwvdYHNZqXSGYKseCz5281Ha6oOYPbwFYD"
@@ -93,10 +85,8 @@ in
 "secrets/files/wireguard/elendel.privkey.age".publicKeys = [ elendel ] ++ users;
 "secrets/files/wireguard/kholinar.privkey.age".publicKeys = [ kholinar ] ++ users;
- "secrets/files/wireguard/lasting-integrity.privkey.age".publicKeys = [ lasting-integrity ] ++ users;
 "secrets/files/wireguard/marabethia.privkey.age".publicKeys = [ marabethia ] ++ users;
 "secrets/files/wireguard/thaylen-city.privkey.age".publicKeys = [ thaylen-city ] ++ users;
- "secrets/files/wireguard/urithiru.privkey.age".publicKeys = [ urithiru ] ++ users;
 "secrets/files/wireguard/psk.age".publicKeys = hosts ++ users;
 "secrets/data-access/ssh_host_rsa_key.age".publicKeys = [ elendel ] ++ users;
diff --git a/secrets/files/wireguard/lasting-integrity.privkey.age b/secrets/files/wireguard/lasting-integrity.privkey.age
deleted file mode 100644
index 9b9dccbc..00000000
--- a/secrets/files/wireguard/lasting-integrity.privkey.age
+++ /dev/null
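Review bot: The last secrets.nix hunk (`@@ -93,10 +85,8 @@`) keeps `"secrets/files/wireguard/psk.age".publicKeys = hosts ++ users;` while the first hunk drops lasting-integrity and urithiru from `hosts`, yet the diffstat lists no change to `psk.age` or to any other `.age` file apart from the two deleted private keys. Unless the rekey lands in a separate commit, the committed ciphertext still carries recipient stanzas for the two retired host keys, so secrets.nix and the files it describes disagree; with agenix this is fixed by running `agenix --rekey` and committing the result. Rekeying does not take back what those machines could already decrypt, so if their disks were not wiped, the WireGuard PSK (and anything else encrypted to `nixosHosts` or `servers`, whose uses lie outside these hunks) is worth rotating. A comment above the `hosts` list would keep this step from being missed next time: `# After changing any host list: agenix --rekey, and rotate secrets a removed host could read.`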
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 hKAFvQ ShoIptYiJb1oAfDEeRjof9l+WtxbiXCIfmcAqLSinhs -pJi/7KAzsMHdHl/H4CErufITEyDgLjURQsQEs2oVbD8 --> ssh-ed25519 s9rb8g L1n/wTrTJe2zIrY2RDJqliQA2suPjtE9Ap1hllwLtnA -IaWa25obzFz9DiPkX+hgsznowAhAJ/wKYJ1YeSn04eA --> ssh-ed25519 +xxExQ ndFyx+OXyXlENpBCYxHJ4bw+FQW7P53hXJ2nyod46T8 -g22SWeTUmS5WdX+283iYFAo+yCnDFVkRk6g2kJ03PBE ---- cra4y/CC9qs8eERUAXZm1Y8l2DS6Z+Apt+zc8g2kdSY -+[X -yq2BZ}6/H7HfvD ?u肁x@3" ssh-ed25519 9PfEBQ 2VzdoRBxA3+0ZHYzvkl9LK/zSP8E5aPzYPm9fKDDh2o -OowRV+K+e/I21vHbAZkHBYkoBKAq3Czmha6k7E4T3xQ --> ssh-ed25519 s9rb8g 3N711/TmS4oti9LGWMGUSWnVALMtZgeqklIsvQp4Kgg -sk1l1RjizAuAfVTqIgGNyRAV0HzylFu6unHhvdDnVPE --> ssh-ed25519 +xxExQ gZfXIgpEw9PEgE4mAYhCoKpDb7h0a+GHrJ5BhPDAA2s -eKL17simjYqKaEbp4KsZMM4BqSPumgdXVBbSxMnWqIE ---- kSO1jr8cCdu+ZbMXYWQRrPUKg2e5vzmGGAmZl6mOw2M -(޴Ol'Z8U?JSLsP[\ۡ|Ǻ!$zU؅[E̟Xp&] \ No newline at end of file