Remove most work-related configuration

I'm changing jobs
2024-06-26 16:19:51 +02:00 · 2024-06-26 16:19:51 +02:00 · c76a7cf1fa
commit c76a7cf1fa
parent c8de093095
12 changed files with 0 additions and 361 deletions
--- a/flake.nix
+++ b/flake.nix
@ -155,7 +155,6 @@
          ];
        };
      nixosConfigurations = {
        kharbranth = nixosSystem "x86_64-linux" "kharbranth";
        kholinar = nixosSystem "x86_64-linux" "kholinar";
        lasting-integrity = nixosSystem "x86_64-linux" "lasting-integrity";
        urithiru = nixosSystem "x86_64-linux" "urithiru";
--- a/machines/kharbranth/default.nix
+++ b/machines/kharbranth/default.nix
@ -1,57 +0,0 @@
 { config, pkgs, ... }:
 {
  imports = [ ./hardware.nix ];
  networking.hostId = "7a62a099";
  time.timeZone = "Europe/Brussels";
  # Machine-specific module settings
  chvp = {
    stateVersion = "20.09";
    base = {
      bluetooth.enable = true;
      network = {
        mobile = {
          enable = true;
          wireless-interface = "wlp0s20f3";
          wired-interfaces = {
            "enp0s13f0u2u2" = { };
          };
        };
        wireguard.onCorporate = true;
      };
      zfs = {
        encrypted = true;
        backups = [
          {
            path = "rpool/safe/data";
            remotePath = "zdata/recv/kharbranth/safe/data";
            fast = true;
            location = "lasting-integrity";
          }
        ];
        rootDataset = "rpool/local/root";
      };
    };
    development = {
      enable = true;
      android.enable = true;
      git.email = "charlotte.vanpetegem@ugent.be";
    };
    games.enable = true;
    graphical.enable = true;
    programs = {
      calibre.enable = true;
      eid.enable = true;
      element.enable = true;
      hledger.enable = true;
      obs.enable = true;
      torrents.enable = true;
    };
    work.enable = true;
  };
  services.telegraf.extraConfig.inputs.disk.mount_points = [ "/boot" ];
 }
--- a/machines/kharbranth/hardware.nix
+++ b/machines/kharbranth/hardware.nix
@ -1,82 +0,0 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
  boot = {
    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
    };
    loader.efi.canTouchEfiVariables = true;
    initrd = {
      availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
      kernelModules = [ "i915" ];
    };
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
    kernel.sysctl = {
      "vm.swappiness" = 1;
    };
  };
  chvp.base.zfs.systemLinks = [{ path = "/etc/secureboot"; type = "cache"; }];
  # For Secure Boot management
  environment.systemPackages = [ pkgs.sbctl ];
  fileSystems."/" = {
    device = "rpool/local/root";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/nix" = {
    device = "rpool/local/nix";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/nix/store" = {
    device = "rpool/local/nix-store";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/cache" = {
    device = "rpool/local/cache";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/data" = {
    device = "rpool/safe/data";
    fsType = "zfs";
    neededForBoot = true;
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/CFDD-B4A6";
    fsType = "vfat";
  };
  swapDevices = [
    { device = "/dev/disk/by-label/swap"; }
  ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware = {
    cpu.intel.updateMicrocode = true;
    enableRedistributableFirmware = true;
    graphics =  {
      enable = true;
      extraPackages = with pkgs; [
        vaapiIntel
        vaapiVdpau
        libvdpau-va-gl
        intel-media-driver
      ];
    };
  };
  services.fstrim.enable = true;
 }
--- a/machines/kholinar/default.nix
+++ b/machines/kholinar/default.nix
@ -46,8 +46,6 @@
      obs.enable = true;
      torrents.enable = true;
    };
    # It's a pandemic.
    work.enable = true;
  };
  services.telegraf.extraConfig.inputs.disk.mount_points = [ "/boot" ];
--- a/modules/default.nix
+++ b/modules/default.nix
@ -8,6 +8,5 @@
    ./graphical
    ./programs
    ./services
    ./work
  ];
 }
--- a/modules/graphical/compositor/default.nix
+++ b/modules/graphical/compositor/default.nix
@ -410,23 +410,6 @@ in
                ];
              };
            }
            {
              profile = {
                name = "work-undocked";
                outputs = [
                  { criteria = "LG Display 0x06D6 Unknown"; position = "0,0"; mode = "1920x1080"; scale = 1.0; }
                ];
              };
            }
            {
              profile = {
                name = "work-docked";
                outputs = [
                  { criteria = "LG Display 0x06D6 Unknown"; position = "0,0"; mode = "1920x1080"; scale = 1.0; }
                  { criteria = "Dell Inc. DELL U2718Q FN84K83Q1KHL"; position = "1920,0"; mode = "3840x2160"; scale = 1.0; }
                ];
              };
            }
          ];
        };
        mako = {
--- a/modules/work/citrix/default.nix
+++ b/modules/work/citrix/default.nix
@ -1,20 +0,0 @@
 { config, lib, ... }:
 {
  options.chvp.work.citrix.enable = lib.mkOption {
    default = false;
    example = true;
  };
  config = lib.mkIf config.chvp.work.citrix.enable {
    chvp.base = {
      nix.unfreePackages = [ "citrix-workspace" ];
      zfs.homeLinks = [
        { path = ".ICAClient"; type = "data"; }
      ];
    };
    home-manager.users.charlotte = { pkgs, ... }: {
      home.packages = with pkgs; [ citrix_workspace ];
    };
  };
 }
--- a/modules/work/default.nix
+++ b/modules/work/default.nix
@ -1,32 +0,0 @@
 { config, lib, ... }:
 {
  imports = [
    ./citrix
    ./mounts
    ./teams
    ./vpn
    ./zotero
  ];
  options.chvp.work.enable = lib.mkOption {
    default = false;
    example = true;
  };
  config = lib.mkIf config.chvp.work.enable {
    chvp = {
      development.enable = true;
      work = {
        citrix.enable = lib.mkDefault false;
        mounts.enable = lib.mkDefault true;
        teams.enable = lib.mkDefault true;
        vpn.enable = lib.mkDefault true;
        zotero.enable = lib.mkDefault true;
      };
    };
    home-manager.users.charlotte = { pkgs, ... }: {
      home.packages = with pkgs; [ libreoffice ];
    };
  };
 }
--- a/modules/work/mounts/default.nix
+++ b/modules/work/mounts/default.nix
@ -1,58 +0,0 @@
 { config, lib, pkgs, ... }:
 {
  options.chvp.work.mounts.enable = lib.mkOption {
    default = false;
    example = true;
  };
  config = lib.mkIf config.chvp.work.mounts.enable {
    fileSystems =
      let
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
      in
      {
        "/mnt/ugent/files" = {
          device = "//files.ugent.be/ecvpeteg";
          fsType = "cifs";
          options = [ "credentials=${config.age.secrets."passwords/ugent-mount-credentials".path},${automount_opts},users,vers=3.11,noperm,domain=UGENT,sec=ntlmv2i" ];
          noCheck = true;
        };
        "/mnt/ugent/webhost" = {
          device = "//webhost.ugent.be/ecvpeteg";
          fsType = "cifs";
          options = [ "credentials=${config.age.secrets."passwords/ugent-mount-credentials".path},${automount_opts},users,vers=3.0" ];
          noCheck = true;
        };
      };
    age.secrets."passwords/ugent-mount-credentials".file = ../../../secrets/passwords/ugent-mount-credentials.age;
    environment.systemPackages = [ pkgs.keyutils ];
    # Remove this once https://github.com/NixOS/nixpkgs/issues/34638 is resolved
    # request-key expects a configuration file under /etc
    environment.etc."request-key.conf" = {
      text =
        let
          upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
          keyctl = "${pkgs.keyutils}/bin/keyctl";
        in
        ''
          #OP     TYPE          DESCRIPTION  CALLOUT_INFO  PROGRAM
          # -t is required for DFS share servers...
          create  cifs.spnego   *            *             ${upcall} -t %k
          create  dns_resolver  *            *             ${upcall} %k
          # Everything below this point is essentially the default configuration,
          # modified minimally to work under NixOS. Notably, it provides debug
          # logging.
          create  user          debug:*      negate        ${keyctl} negate %k 30 %S
          create  user          debug:*      rejected      ${keyctl} reject %k 30 %c %S
          create  user          debug:*      expired       ${keyctl} reject %k 30 %c %S
          create  user          debug:*      revoked       ${keyctl} reject %k 30 %c %S
          create  user          debug:loop:* *             |${pkgs.coreutils}/bin/cat
          create  user          debug:*      *             ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S
          negate  *             *            *             ${keyctl} negate %k 30 %S
        '';
    };
  };
 }
--- a/modules/work/teams/default.nix
+++ b/modules/work/teams/default.nix
@ -1,25 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  teamsWrapper = pkgs.writeShellScriptBin "teams-for-linux" ''
    ${pkgs.teams-for-linux}/bin/teams-for-linux --followSystemTheme
  '';
 in
 {
  options.chvp.work.teams.enable = lib.mkOption {
    default = false;
    example = true;
  };
  config = lib.mkIf config.chvp.work.teams.enable {
    chvp.base = {
      zfs.homeLinks = [
        { path = ".config/teams-for-linux"; type = "cache"; }
      ];
    };
    home-manager.users.charlotte = { pkgs, ... }: {
      home.packages = with pkgs; [ teamsWrapper ];
    };
  };
 }
--- a/modules/work/vpn/default.nix
+++ b/modules/work/vpn/default.nix
@ -1,48 +0,0 @@
 { config, lib, pkgs, ... }:
 {
  options = {
    chvp.work.vpn.enable = lib.mkOption {
      default = false;
      example = true;
    };
  };
  config = lib.mkIf config.chvp.work.vpn.enable {
    systemd.services = {
      ugent-global-vpn = {
        after = [ "network.target" ];
        conflicts = [ "ugent-local-vpn.service" ];
        path = [ pkgs.sshuttle pkgs.openssh pkgs.bash ];
        environment = { PASSWORD_FILE = config.age.secrets."passwords/ugent-vpn".path; };
        serviceConfig.ExecStart = config.age.secrets."files/programs/vpn/global".path;
      };
      ugent-local-vpn = {
        after = [ "network.target" ];
        conflicts = [ "ugent-global-vpn.service" ];
        path = [ pkgs.sshuttle pkgs.openssh pkgs.bash ];
        environment = { PASSWORD_FILE = config.age.secrets."passwords/ugent-vpn".path; };
        serviceConfig.ExecStart = config.age.secrets."files/programs/vpn/local".path;
      };
    };
    security.polkit.extraConfig = ''
      polkit.addRule(function(action, subject) {
          if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-global-vpn.service") {
              return polkit.Result.YES;
          }
          if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-local-vpn.service") {
              return polkit.Result.YES;
          }
      });
    '';
    age.secrets."passwords/ugent-vpn".file = ../../../secrets/passwords/ugent-vpn.age;
    age.secrets."files/programs/vpn/local" = {
      file = ../../../secrets/files/programs/vpn/local.age;
      mode = "0500";
    };
    age.secrets."files/programs/vpn/global" = {
      file = ../../../secrets/files/programs/vpn/global.age;
      mode = "0500";
    };
  };
 }
--- a/modules/work/zotero/default.nix
+++ b/modules/work/zotero/default.nix
@ -1,18 +0,0 @@
 { config, lib, pkgs, ... }:
 {
  options.chvp.work.zotero.enable = lib.mkOption {
    default = false;
    example = true;
  };
  config = lib.mkIf config.chvp.work.zotero.enable {
    chvp.base.zfs.homeLinks = [
      { path = ".zotero"; type = "data"; }
      { path = ".local/share/Zotero"; type = "data"; }
    ];
    home-manager.users.charlotte = { ... }: {
      home.packages = [ pkgs.zotero ];
    };
  };
 }