flake: Decomission lasting-integrity and urithiru

2024-12-04 15:36:24 +01:00 · 2024-12-04 15:36:24 +01:00 · 1cd6ebd88c
commit 1cd6ebd88c
parent 8a82db6a76
10 changed files with 1 additions and 282 deletions
--- a/flake.nix
+++ b/flake.nix
@ -191,9 +191,7 @@
      nixosConfigurations = {
        elendel = nixosSystem "x86_64-linux" "elendel";
        kholinar = nixosSystem "x86_64-linux" "kholinar";
        lasting-integrity = nixosSystem "x86_64-linux" "lasting-integrity";
        marabethia = nixosSystem "x86_64-linux" "marabethia";
        urithiru = nixosSystem "x86_64-linux" "urithiru";
      };
      darwinConfigurations.thaylen-city = darwinSystem "aarch64-darwin" "thaylen-city";
      lsShells = builtins.readDir ./shells;
--- a/machines/lasting-integrity/default.nix
+++ b/machines/lasting-integrity/default.nix
@ -1,44 +0,0 @@
 { pkgs, ... }:
 {
  imports = [ ./hardware.nix ];
  time.timeZone = "Europe/Berlin";
  networking.hostId = "b352adfe";
  # Machine-specific module settings
  chvp = {
    stateVersion = "20.09";
    base = {
      network = {
        ovh = {
          enable = true;
          publicIPV4 = {
            ip = "54.38.222.69";
            gateway = "54.38.222.254";
          };
          publicIPV6 = {
            ip = "2001:41d0:0700:1445::";
            gateway = "2001:41d0:0700:14ff:ff:ff:ff:ff";
          };
          internalIPV4 = "192.168.0.2";
        };
      };
      nix.enableDirenv = false;
      zfs = {
        enable = true;
        backups = [
          {
            path = "zroot/safe/data";
            remotePath = "zdata/recv/lasting-integrity/safe/data";
            fast = true;
            location = "192.168.0.1";
          }
        ];
        rootDataset = "zroot/local/root";
        rootPool = "zroot";
      };
    };
  };
 }
--- a/machines/lasting-integrity/hardware.nix
+++ b/machines/lasting-integrity/hardware.nix
@ -1,77 +0,0 @@
 { lib, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
    loader = {
      grub = {
        enable = true;
        efiSupport = true;
        mirroredBoots = [
          { devices = [ "nodev" ]; path = "/boot/ESP0"; }
          { devices = [ "nodev" ]; path = "/boot/ESP1"; }
        ];
      };
      efi.canTouchEfiVariables = true;
    };
    initrd = {
      availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
    };
    kernelModules = [ "kvm-intel" ];
  };
  fileSystems = {
    "/" = {
      device = "zroot/local/root";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/nix" = {
      device = "zroot/local/nix";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/nix/store" = {
      device = "zroot/local/nix-store";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/data" = {
      device = "zroot/safe/data";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/cache" = {
      device = "zroot/safe/cache";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/srv/data" = {
      device = "zdata/data";
      fsType = "zfs";
    };
    "/boot/ESP0" = {
      device = "/dev/disk/by-uuid/BC0C-3065";
      fsType = "vfat";
    };
    "/boot/ESP1" = {
      device = "/dev/disk/by-uuid/BC67-2D0D";
      fsType = "vfat";
    };
  };
  swapDevices = [
    { device = "/dev/disk/by-uuid/7b9d63e0-5525-4022-9d1a-6c62d52dfb78"; }
    { device = "/dev/disk/by-uuid/2602f9a5-c42a-4514-bc4a-30fbb2c08ee9"; }
    { device = "/dev/disk/by-uuid/0f98f67f-227f-4a03-892d-d2dfd37e39ad"; }
    { device = "/dev/disk/by-uuid/c7bd8b09-45cb-42cd-b355-1a1f2ebde6d4"; }
  ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware = {
    cpu.intel.updateMicrocode = true;
    enableRedistributableFirmware = true;
  };
  services.fstrim.enable = true;
 }
--- a/machines/urithiru/default.nix
+++ b/machines/urithiru/default.nix
@ -1,37 +0,0 @@
 { lib, pkgs, nixosConfigurations, ... }:
 {
  imports = [ ./hardware.nix ];
  time.timeZone = "Europe/Berlin";
  networking.hostId = "079e60ba";
  chvp = {
    stateVersion = "20.09";
    base = {
      nix = {
        enableDirenv = false;
        slowGc = true;
      };
      network.ovh = {
        enable = true;
        publicIPV4 = {
          ip = "193.70.44.178";
          gateway = "193.70.44.254";
        };
        publicIPV6 = {
          ip = "2001:41d0:0303:0ab2::";
          gateway = "2001:41d0:0303:0aff:ff:ff:ff:ff";
        };
        internalIPV4 = "192.168.0.1";
      };
      zfs = {
        enable = true;
        backups = [ ];
        rootDataset = "zroot/local/root";
        rootPool = "zroot";
      };
    };
  };
 }
--- a/machines/urithiru/hardware.nix
+++ b/machines/urithiru/hardware.nix
@ -1,82 +0,0 @@
 { lib, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
    loader = {
      grub = {
        enable = true;
        efiSupport = true;
        mirroredBoots = [
          { devices = [ "nodev" ]; path = "/boot/ESP0"; }
          { devices = [ "nodev" ]; path = "/boot/ESP1"; }
        ];
      };
      efi.canTouchEfiVariables = true;
    };
    initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
    kernelModules = [ "kvm-intel" ];
  };
  fileSystems = {
    "/" = {
      device = "zroot/local/root";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/nix" = {
      device = "zroot/local/nix";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/nix/store" = {
      device = "zroot/local/nix-store";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/data" = {
      device = "zroot/safe/data";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/cache" = {
      device = "zroot/safe/cache";
      fsType = "zfs";
      neededForBoot = true;
    };
    "/srv/data" = {
      device = "zdata/data";
      fsType = "zfs";
    };
    "/var/lib/accentor" = {
      device = "zdata/big-apps/accentor";
      fsType = "zfs";
    };
    "/boot/ESP0" = {
      device = "/dev/disk/by-uuid/6ED1-0638";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
    "/boot/ESP1" = {
      device = "/dev/disk/by-uuid/6F25-C8B8";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  };
  swapDevices = [
    { device = "/dev/disk/by-uuid/2b90207f-2d08-49aa-8a05-2c98c59224c1"; }
    { device = "/dev/disk/by-uuid/e1a09bfa-9253-44f4-8c02-cf11cbde5320"; }
    { device = "/dev/disk/by-uuid/860a9a86-7882-479c-8be8-f51a5edbf7f7"; }
    { device = "/dev/disk/by-uuid/088f30de-c76d-4843-ac62-8442852b372d"; }
  ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware = {
    cpu.intel.updateMicrocode = true;
    enableRedistributableFirmware = true;
  };
  services.fstrim.enable = true;
 }
--- a/modules/darwin/base/wireguard/default.nix
+++ b/modules/darwin/base/wireguard/default.nix
@ -9,7 +9,7 @@ in
  # networking.wg-quick.interfaces."wg0" = {
  #   address = [ "${data.${config.networking.hostName}.ip}/32" ];
  #   autostart = true;
-  #   dns = [ data.lasting-integrity.ip ];
+  #   dns = [ data.marabethia.ip ];
  #   mtu = 1342;
  #   peers = [
  #     {
--- a/modules/shared/base/wireguard/default.nix
+++ b/modules/shared/base/wireguard/default.nix
@ -16,11 +16,6 @@ let
      privkeyFile = config.age.secrets."files/wireguard/kholinar.privkey".path;
      ip = "10.240.0.3";
    };
    lasting-integrity = {
      pubkey = "mid3XfCY2jaNK0J6C9ltFLAbxL0IApwMw9K1Z+PU8C0=";
      privkeyFile = config.age.secrets."files/wireguard/lasting-integrity.privkey".path;
      ip = "10.240.0.6";
    };
    marabethia = {
      pubkey = "h451oXBTzim1POLmnJC1OtFzbIXyxg6d5qpFFdHLbRs=";
      privkeyFile = config.age.secrets."files/wireguard/marabethia.privkey".path;
@ -31,11 +26,6 @@ let
      privkeyFile = config.age.secrets."files/wireguard/thaylen-city.privkey".path;
      ip = "10.240.0.5";
    };
    urithiru = {
      pubkey = "f4bnm/qNhMW5iXdQcBMmP8IUN6n+pDS15Ikct7QPr0E=";
      privkeyFile = config.age.secrets."files/wireguard/urithiru.privkey".path;
      ip = "10.240.0.2";
    };
  };
  subnet = "10.240.0.0/24";
  pskFile = config.age.secrets."files/wireguard/psk".path;
--- a/secrets.nix
+++ b/secrets.nix
@ -1,24 +1,18 @@
 let
  elendel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZU5fDbqEkllipbknJy/Dm3Fcicb5gscVzmsFG/9RoA";
  kholinar = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOL8MzChayhcVTfZvE3/ExwXpq2+LbihjzUVlKeIGoOL";
  lasting-integrity = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKJmeY7j5LxWVv3fKzqG4Bvg/ZhOp8iwk0utpyMWMSk";
  marabethia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUP1r937+PLiqdyUuqbYoyAs04/2AxuXS13grU+fvpA";
  thaylen-city = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/sIkgf7aYX/JcWWp/dCHgq7sJ5WDYYyWSn3DvkW4gB";
  urithiru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOrzOpyzDc5BVtAeb5//PnMRcp+9B+DjfU7p2YpaH6a2";
  nixosHosts = [
    elendel
    kholinar
    lasting-integrity
    marabethia
    urithiru
  ];
  hosts = [
    elendel
    kholinar
    lasting-integrity
    marabethia
    thaylen-city
    urithiru
  ];
  nixosPersonals = [
    kholinar
@ -29,9 +23,7 @@ let
  ];
  servers = [
    elendel
    lasting-integrity
    marabethia
    urithiru
  ];
  charlotte = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDb17zAg3zwvdYHNZqXSGYKseCz5281Ha6oOYPbwFYD"
@ -93,10 +85,8 @@ in
  "secrets/files/wireguard/elendel.privkey.age".publicKeys = [ elendel ] ++ users;
  "secrets/files/wireguard/kholinar.privkey.age".publicKeys = [ kholinar ] ++ users;
  "secrets/files/wireguard/lasting-integrity.privkey.age".publicKeys = [ lasting-integrity ] ++ users;
  "secrets/files/wireguard/marabethia.privkey.age".publicKeys = [ marabethia ] ++ users;
  "secrets/files/wireguard/thaylen-city.privkey.age".publicKeys = [ thaylen-city ] ++ users;
  "secrets/files/wireguard/urithiru.privkey.age".publicKeys = [ urithiru ] ++ users;
  "secrets/files/wireguard/psk.age".publicKeys = hosts ++ users;
  "secrets/data-access/ssh_host_rsa_key.age".publicKeys = [ elendel ] ++ users;
--- a/secrets/files/wireguard/lasting-integrity.privkey.age
+++ b/secrets/files/wireguard/lasting-integrity.privkey.age
@ -1,10 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 hKAFvQ ShoIptYiJb1oAfDEeRjof9l+WtxbiXCIfmcAqLSinhs
 pJi/7KAzsMHdHl/H4CErufITEyDgLjURQsQEs2oVbD8
 -> ssh-ed25519 s9rb8g L1n/wTrTJe2zIrY2RDJqliQA2suPjtE9Ap1hllwLtnA
 IaWa25obzFz9DiPkX+hgsznowAhAJ/wKYJ1YeSn04eA
 -> ssh-ed25519 +xxExQ ndFyx+OXyXlENpBCYxHJ4bw+FQW7P53hXJ2nyod46T8
 g22SWeTUmS5WdX+283iYFAo+yCnDFVkRk6g2kJ03PBE
 --- cra4y/CC9qs8eERUAXZm1Y8l2DS6Z+Apt+zc8g2kdSY
 +•[ÛÇX
 yŸqþ2Bè—ÉÔZ…Ÿ¶}›6£Ûü/ú¯ãH7HÓf ‰vD?Ü´¥uè‚<C3A8>x@Ø™3"<ØaŸÑ—BzœO˜d£n“%
--- a/secrets/files/wireguard/urithiru.privkey.age
+++ b/secrets/files/wireguard/urithiru.privkey.age
@ -1,9 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 9PfEBQ 2VzdoRBxA3+0ZHYzvkl9LK/zSP8E5aPzYPm9fKDDh2o
 OowRV+K+e/I21vHbAZkHBYkoBKAq3Czmha6k7E4T3xQ
 -> ssh-ed25519 s9rb8g 3N711/TmS4oti9LGWMGUSWnVALMtZgeqklIsvQp4Kgg
 sk1l1RjizAuAfVTqIgGNyRAV0HzylFu6unHhvdDnVPE
 -> ssh-ed25519 +xxExQ gZfXIgpEw9PEgE4mAYhCoKpDb7h0a+GHrJ5BhPDAA2s
 eKL17simjYqKaEbp4KsZMM4BqSPumgdXVBbSxMnWqIE
 --- kSO1jr8cCdu+ZbMXYWQRrPUKg2e5vzmGGAmZl6mOw2M
 (½›Þ´ –šO™Ôl'ÃZ8U?J§£—SLs÷PÞ[ù¯\Û¡|ÇºŠ„‰åº!Ç$ÖzUØ…Šª·[EÌŸæX‡p&]ˆÝ