From c76a7cf1fa616960a01400eb003c3ac266f275d3 Mon Sep 17 00:00:00 2001 From: Charlotte Van Petegem Date: Wed, 26 Jun 2024 16:19:51 +0200 Subject: [PATCH] Remove most work-related configuration I'm changing jobs --- flake.nix | 1 - machines/kharbranth/default.nix | 57 ---------------- machines/kharbranth/hardware.nix | 82 ------------------------ machines/kholinar/default.nix | 2 - modules/default.nix | 1 - modules/graphical/compositor/default.nix | 17 ----- modules/work/citrix/default.nix | 20 ------ modules/work/default.nix | 32 --------- modules/work/mounts/default.nix | 58 ----------------- modules/work/teams/default.nix | 25 -------- modules/work/vpn/default.nix | 48 -------------- modules/work/zotero/default.nix | 18 ------ 12 files changed, 361 deletions(-) delete mode 100644 machines/kharbranth/default.nix delete mode 100644 machines/kharbranth/hardware.nix delete mode 100644 modules/work/citrix/default.nix delete mode 100644 modules/work/default.nix delete mode 100644 modules/work/mounts/default.nix delete mode 100644 modules/work/teams/default.nix delete mode 100644 modules/work/vpn/default.nix delete mode 100644 modules/work/zotero/default.nix diff --git a/flake.nix b/flake.nix index 03410cf8..cb350d53 100644 --- a/flake.nix +++ b/flake.nix @@ -155,7 +155,6 @@ ]; }; nixosConfigurations = { - kharbranth = nixosSystem "x86_64-linux" "kharbranth"; kholinar = nixosSystem "x86_64-linux" "kholinar"; lasting-integrity = nixosSystem "x86_64-linux" "lasting-integrity"; urithiru = nixosSystem "x86_64-linux" "urithiru"; diff --git a/machines/kharbranth/default.nix b/machines/kharbranth/default.nix deleted file mode 100644 index 2e93476c..00000000 --- a/machines/kharbranth/default.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = [ ./hardware.nix ]; - - networking.hostId = "7a62a099"; - - time.timeZone = "Europe/Brussels"; - - # Machine-specific module settings - chvp = { - stateVersion = "20.09"; - base = { - bluetooth.enable = true; - network = { - mobile = { - enable = true; - wireless-interface = "wlp0s20f3"; - wired-interfaces = { - "enp0s13f0u2u2" = { }; - }; - }; - wireguard.onCorporate = true; - }; - zfs = { - encrypted = true; - backups = [ - { - path = "rpool/safe/data"; - remotePath = "zdata/recv/kharbranth/safe/data"; - fast = true; - location = "lasting-integrity"; - } - ]; - rootDataset = "rpool/local/root"; - }; - }; - development = { - enable = true; - android.enable = true; - git.email = "charlotte.vanpetegem@ugent.be"; - }; - games.enable = true; - graphical.enable = true; - programs = { - calibre.enable = true; - eid.enable = true; - element.enable = true; - hledger.enable = true; - obs.enable = true; - torrents.enable = true; - }; - work.enable = true; - }; - - services.telegraf.extraConfig.inputs.disk.mount_points = [ "/boot" ]; -} diff --git a/machines/kharbranth/hardware.nix b/machines/kharbranth/hardware.nix deleted file mode 100644 index 0888fd80..00000000 --- a/machines/kharbranth/hardware.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - loader.efi.canTouchEfiVariables = true; - initrd = { - availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - kernelModules = [ "i915" ]; - }; - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - kernel.sysctl = { - "vm.swappiness" = 1; - }; - }; - - chvp.base.zfs.systemLinks = [{ path = "/etc/secureboot"; type = "cache"; }]; - - # For Secure Boot management - environment.systemPackages = [ pkgs.sbctl ]; - - fileSystems."/" = { - device = "rpool/local/root"; - fsType = "zfs"; - neededForBoot = true; - }; - - fileSystems."/nix" = { - device = "rpool/local/nix"; - fsType = "zfs"; - neededForBoot = true; - }; - - fileSystems."/nix/store" = { - device = "rpool/local/nix-store"; - fsType = "zfs"; - neededForBoot = true; - }; - - fileSystems."/cache" = { - device = "rpool/local/cache"; - fsType = "zfs"; - neededForBoot = true; - }; - - fileSystems."/data" = { - device = "rpool/safe/data"; - fsType = "zfs"; - neededForBoot = true; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/CFDD-B4A6"; - fsType = "vfat"; - }; - - swapDevices = [ - { device = "/dev/disk/by-label/swap"; } - ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware = { - cpu.intel.updateMicrocode = true; - enableRedistributableFirmware = true; - graphics = { - enable = true; - extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-media-driver - ]; - }; - }; - services.fstrim.enable = true; -} diff --git a/machines/kholinar/default.nix b/machines/kholinar/default.nix index 14c2d4f7..34f7a789 100644 --- a/machines/kholinar/default.nix +++ b/machines/kholinar/default.nix @@ -46,8 +46,6 @@ obs.enable = true; torrents.enable = true; }; - # It's a pandemic. - work.enable = true; }; services.telegraf.extraConfig.inputs.disk.mount_points = [ "/boot" ]; diff --git a/modules/default.nix b/modules/default.nix index 98dca279..b77752f7 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -8,6 +8,5 @@ ./graphical ./programs ./services - ./work ]; } diff --git a/modules/graphical/compositor/default.nix b/modules/graphical/compositor/default.nix index 8d43d8fa..0c489069 100644 --- a/modules/graphical/compositor/default.nix +++ b/modules/graphical/compositor/default.nix @@ -410,23 +410,6 @@ in ]; }; } - { - profile = { - name = "work-undocked"; - outputs = [ - { criteria = "LG Display 0x06D6 Unknown"; position = "0,0"; mode = "1920x1080"; scale = 1.0; } - ]; - }; - } - { - profile = { - name = "work-docked"; - outputs = [ - { criteria = "LG Display 0x06D6 Unknown"; position = "0,0"; mode = "1920x1080"; scale = 1.0; } - { criteria = "Dell Inc. DELL U2718Q FN84K83Q1KHL"; position = "1920,0"; mode = "3840x2160"; scale = 1.0; } - ]; - }; - } ]; }; mako = { diff --git a/modules/work/citrix/default.nix b/modules/work/citrix/default.nix deleted file mode 100644 index 902d4edd..00000000 --- a/modules/work/citrix/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, ... }: - -{ - options.chvp.work.citrix.enable = lib.mkOption { - default = false; - example = true; - }; - - config = lib.mkIf config.chvp.work.citrix.enable { - chvp.base = { - nix.unfreePackages = [ "citrix-workspace" ]; - zfs.homeLinks = [ - { path = ".ICAClient"; type = "data"; } - ]; - }; - home-manager.users.charlotte = { pkgs, ... }: { - home.packages = with pkgs; [ citrix_workspace ]; - }; - }; -} diff --git a/modules/work/default.nix b/modules/work/default.nix deleted file mode 100644 index f3781591..00000000 --- a/modules/work/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, ... }: - -{ - imports = [ - ./citrix - ./mounts - ./teams - ./vpn - ./zotero - ]; - - options.chvp.work.enable = lib.mkOption { - default = false; - example = true; - }; - - config = lib.mkIf config.chvp.work.enable { - chvp = { - development.enable = true; - work = { - citrix.enable = lib.mkDefault false; - mounts.enable = lib.mkDefault true; - teams.enable = lib.mkDefault true; - vpn.enable = lib.mkDefault true; - zotero.enable = lib.mkDefault true; - }; - }; - home-manager.users.charlotte = { pkgs, ... }: { - home.packages = with pkgs; [ libreoffice ]; - }; - }; -} diff --git a/modules/work/mounts/default.nix b/modules/work/mounts/default.nix deleted file mode 100644 index b9215cc8..00000000 --- a/modules/work/mounts/default.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - options.chvp.work.mounts.enable = lib.mkOption { - default = false; - example = true; - }; - - config = lib.mkIf config.chvp.work.mounts.enable { - fileSystems = - let - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; - in - { - "/mnt/ugent/files" = { - device = "//files.ugent.be/ecvpeteg"; - fsType = "cifs"; - options = [ "credentials=${config.age.secrets."passwords/ugent-mount-credentials".path},${automount_opts},users,vers=3.11,noperm,domain=UGENT,sec=ntlmv2i" ]; - noCheck = true; - }; - "/mnt/ugent/webhost" = { - device = "//webhost.ugent.be/ecvpeteg"; - fsType = "cifs"; - options = [ "credentials=${config.age.secrets."passwords/ugent-mount-credentials".path},${automount_opts},users,vers=3.0" ]; - noCheck = true; - }; - }; - - age.secrets."passwords/ugent-mount-credentials".file = ../../../secrets/passwords/ugent-mount-credentials.age; - - environment.systemPackages = [ pkgs.keyutils ]; - # Remove this once https://github.com/NixOS/nixpkgs/issues/34638 is resolved - # request-key expects a configuration file under /etc - environment.etc."request-key.conf" = { - text = - let - upcall = "${pkgs.cifs-utils}/bin/cifs.upcall"; - keyctl = "${pkgs.keyutils}/bin/keyctl"; - in - '' - #OP TYPE DESCRIPTION CALLOUT_INFO PROGRAM - # -t is required for DFS share servers... - create cifs.spnego * * ${upcall} -t %k - create dns_resolver * * ${upcall} %k - # Everything below this point is essentially the default configuration, - # modified minimally to work under NixOS. Notably, it provides debug - # logging. - create user debug:* negate ${keyctl} negate %k 30 %S - create user debug:* rejected ${keyctl} reject %k 30 %c %S - create user debug:* expired ${keyctl} reject %k 30 %c %S - create user debug:* revoked ${keyctl} reject %k 30 %c %S - create user debug:loop:* * |${pkgs.coreutils}/bin/cat - create user debug:* * ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S - negate * * * ${keyctl} negate %k 30 %S - ''; - }; - }; -} diff --git a/modules/work/teams/default.nix b/modules/work/teams/default.nix deleted file mode 100644 index 83831b6f..00000000 --- a/modules/work/teams/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - teamsWrapper = pkgs.writeShellScriptBin "teams-for-linux" '' - ${pkgs.teams-for-linux}/bin/teams-for-linux --followSystemTheme - ''; -in -{ - options.chvp.work.teams.enable = lib.mkOption { - default = false; - example = true; - }; - - config = lib.mkIf config.chvp.work.teams.enable { - chvp.base = { - zfs.homeLinks = [ - { path = ".config/teams-for-linux"; type = "cache"; } - ]; - }; - - home-manager.users.charlotte = { pkgs, ... }: { - home.packages = with pkgs; [ teamsWrapper ]; - }; - }; -} diff --git a/modules/work/vpn/default.nix b/modules/work/vpn/default.nix deleted file mode 100644 index 5bff37cd..00000000 --- a/modules/work/vpn/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - options = { - chvp.work.vpn.enable = lib.mkOption { - default = false; - example = true; - }; - }; - - config = lib.mkIf config.chvp.work.vpn.enable { - systemd.services = { - ugent-global-vpn = { - after = [ "network.target" ]; - conflicts = [ "ugent-local-vpn.service" ]; - path = [ pkgs.sshuttle pkgs.openssh pkgs.bash ]; - environment = { PASSWORD_FILE = config.age.secrets."passwords/ugent-vpn".path; }; - serviceConfig.ExecStart = config.age.secrets."files/programs/vpn/global".path; - }; - ugent-local-vpn = { - after = [ "network.target" ]; - conflicts = [ "ugent-global-vpn.service" ]; - path = [ pkgs.sshuttle pkgs.openssh pkgs.bash ]; - environment = { PASSWORD_FILE = config.age.secrets."passwords/ugent-vpn".path; }; - serviceConfig.ExecStart = config.age.secrets."files/programs/vpn/local".path; - }; - }; - security.polkit.extraConfig = '' - polkit.addRule(function(action, subject) { - if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-global-vpn.service") { - return polkit.Result.YES; - } - if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-local-vpn.service") { - return polkit.Result.YES; - } - }); - ''; - age.secrets."passwords/ugent-vpn".file = ../../../secrets/passwords/ugent-vpn.age; - age.secrets."files/programs/vpn/local" = { - file = ../../../secrets/files/programs/vpn/local.age; - mode = "0500"; - }; - age.secrets."files/programs/vpn/global" = { - file = ../../../secrets/files/programs/vpn/global.age; - mode = "0500"; - }; - }; -} diff --git a/modules/work/zotero/default.nix b/modules/work/zotero/default.nix deleted file mode 100644 index 93bf54aa..00000000 --- a/modules/work/zotero/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - options.chvp.work.zotero.enable = lib.mkOption { - default = false; - example = true; - }; - - config = lib.mkIf config.chvp.work.zotero.enable { - chvp.base.zfs.homeLinks = [ - { path = ".zotero"; type = "data"; } - { path = ".local/share/Zotero"; type = "data"; } - ]; - home-manager.users.charlotte = { ... }: { - home.packages = [ pkgs.zotero ]; - }; - }; -}